Conifer Value-Based Care, LLC (“Conifer”) Data Breach – Investigated by Federman & Sherwood
Oklahoma City, Oklahoma (December 19, 2025) – Federman & Sherwood announces that it is investigating a data breach involving Conifer Value-Based Care, LLC (“Conifer”), which was reported to the California Attorney General.
According to the notification, Conifer discovered on August 28, 2025, that an unauthorized third party gained access to an employee’s Microsoft Office 365 business email account. The investigation determined that the unauthorized access occurred on August 28 and August 29, 2025. Conifer reported that its internal network systems were not compromised, but information contained within the affected email account may have been accessed.
Conifer completed its review of the incident on November 10, 2025, notified impacted providers and health plans on November 14, 2025, and began issuing individual notices in December 2025. The information potentially involved varies by individual and may include names and other personal information, some of which may relate to healthcare services or guarantors. Conifer stated that Social Security numbers, financial account information, and account passwords were not involved.
Federman & Sherwood is investigating the scope of the incident, the adequacy of Conifer’s cybersecurity and email security protocols, and whether reasonable measures were in place to protect sensitive personal and healthcare-related information.
The compromised information may have included:
- Full name
- Other sensitive information
What is Conifer Value-Based Care, LLC (“Conifer”)?
Conifer Health Solutions (Conifer) provides technology-enabled revenue cycle and value-based care services for hospitals, health systems, physicians, employers, and unions.
Individuals who received a notification from Conifer Value-Based Care, or who believe their information may have been affected, are encouraged to contact Federman & Sherwood at 1-800-237-1277 or email info@federmanlaw.com for more information.