Between September 17 and September 23, 2025, an unauthorized actor exploited an unknown vulnerability in Insightin Health’s GoAnywhere managed file transfer tool, gaining access to a subset of servers. Insightin Health provides AI-powered health management technology to healthcare payers and Blue Cross organizations. The company notified 142,727 individuals on January 28, 2026. Medusa ransomware group claimed responsibility, demanding $500,000 ransom and claiming to possess 378 GB of stolen data. Insightin Health has not confirmed Medusa’s involvement. Compromised data includes member names, dates of birth, non-unique health plan identifiers, contract numbers, Medicare Beneficiary Identifiers, and attributed provider information. This was Insightin Health’s second data security incident in two years.