In a newly updated regulatory filing, Conduent has confirmed that a cyberattack first identified in January 2025 now affects more than 25 million individuals nationwide. The growing scope of the breach has intensified scrutiny from state regulators and renewed concerns about third-party risk in healthcare data ecosystems.
From 15.5 Million to 25 Million+
Earlier disclosures to Texas regulators indicated that approximately 15.5 million Texans were impacted, including about 4 million members of Blue Cross Blue Shield of Texas. The revised figures, submitted to Wisconsin authorities, now put the nationwide impact at “25 million-plus.”
That escalation prompted Texas Attorney General Ken Paxton to launch a formal investigation, describing the event as potentially one of the largest breaches in U.S. history.
However, while significant, the Conduent incident does not hold the all-time record. That distinction remains with UnitedHealth Group’s IT services division, Change Healthcare, which disclosed that a 2024 ransomware attack linked to the Alphv/BlackCat group affected approximately 193 million individuals.
Multi-State Investigations Underway
Texas is not alone. Montana officials began examining the breach in late 2024 after approximately 462,000 members of Blue Cross Blue Shield of Montana were notified of exposure linked to the vendor.
Several major healthcare and insurance entities have acknowledged exposure through Conduent’s systems, including:
-
Premera Blue Cross
-
Humana
Additionally, Volvo reported that personal and health plan data for roughly 17,000 employees and affiliates was also impacted.
Timeline of the Intrusion
Conduent stated that it detected suspicious activity on January 13, 2025. Subsequent forensic analysis determined that attackers had accessed company servers between October 21, 2024, and January 13, 2025 — nearly three months of undetected presence.
Compromised data may include:
-
Names
-
Home addresses
-
Dates of birth
-
Social Security numbers
-
Health insurance information
-
Medical data
In April 2025, Conduent formally disclosed the breach in a filing with the U.S. Securities and Exchange Commission.
Ransomware Connection and Dark Web Claims
According to monitoring platform Ransomware.live, the ransomware group SafePay listed Conduent as a victim in February 2025, claiming possession of 8.5 terabytes of stolen data and threatening publication.
As of the latest company statement, Conduent maintains that there is no confirmed evidence that the affected data has been publicly released or misused. The company says it activated incident response protocols immediately upon discovery and continues to monitor for data exposure.
The Bigger Security Lesson: Third-Party Risk in Healthcare
The Conduent breach underscores a growing and systemic issue in healthcare cybersecurity: the expanding attack surface created by third-party vendors and back-office service providers.
Even organizations with strong internal controls remain vulnerable if service partners are compromised. Healthcare data ecosystems now involve insurers, benefits administrators, payroll processors, IT vendors, and cloud providers — each representing potential entry points.
Key takeaways for security leaders:
-
Continuous vendor risk assessment is critical, not just annual reviews.
-
Zero-trust architectures must extend to third-party integrations.
-
Ransomware resilience planning should assume extended dwell times.
-
Regulatory coordination will intensify as multi-state impacts become common.
With 25 million and counting, the Conduent breach is a reminder that healthcare data remains a high-value target — and that vendor oversight is no longer a compliance checkbox, but a frontline defense requirement.
0 Comments