Sermo, a healthcare knowledge platform, recently reported a ransomware attack that compromised personal information, including Social Security numbers, of affected individuals. If you were impacted, you may be entitled to compensation. Learn more about what happened and how to protect your information.
Sermo’s Data Breach Investigation
Sermo, a knowledge platform connecting healthcare professionals globally, recently disclosed a data breach after an unauthorized actor, identified as the Black Basta ransomware group, gained access to its network. The breach occurred between March 19, 2024, and April 10, 2024, following a power outage at Sermo’s data center in Denmark, which led to the discovery of the incident.
Upon learning of the suspicious activity on April 10, 2024, Sermo immediately took action to secure its network and retained cybersecurity professionals to investigate the breach. The investigation revealed that the ransomware attack involved the unauthorized access and acquisition of files from Sermo’s systems.
Black Basta took responsibility for the attack and later posted the stolen data on its dark web leak site. Sermo made multiple attempts to download the data, but due to the slow nature of the leak site, it wasn’t until September 20, 2024, that the full dataset was downloaded. The data was eventually removed from the site on January 27, 2025.
Sermo’s investigation into the leaked data confirmed that the personal information of several individuals was impacted, including the Social Security numbers of five Maine residents. Although Sermo has stated that there is no evidence of identity theft or fraud as a result of the breach, they are offering identity monitoring services to affected individuals as a precautionary measure.
When Did This Breach Occur?
The breach occurred between March 19, 2024, and April 10, 2024. The suspicious activity was detected on April 10, 2024, with the full data being downloaded by September 20, 2024. The data was no longer accessible after January 27, 2025, when Black Basta’s leak site was taken down.
What Information Was Breached?
The information that may have been compromised includes:
Sermo has emphasized that while medical records or detailed health information were not specifically mentioned, there may have been health-related data accessed as part of the breach. However, Sermo believes that identity theft or fraud has not occurred from this data breach as of now.
What You Can Do
If you were affected by the Sermo data breach, it is crucial to take immediate steps to protect your personal information:
-
Enroll in identity monitoring services: Sermo is offering complimentary credit monitoring and identity theft protection services through Kroll for 12 months. This service includes:
-
Monitor your credit and bank accounts: Regularly review your bank statements, credit card accounts, and credit reports for any suspicious activity.
-
Obtain your free credit report: You are entitled to one free credit report annually from each of the three major credit bureaus: Equifax, Experian, and TransUnion. Visit AnnualCreditReport.com to access your reports and check for any unauthorized activity.
-
Place a fraud alert or credit freeze: Consider placing a fraud alert or credit freeze on your credit file to prevent unauthorized access and new credit from being issued in your name.
-
Stay vigilant for identity theft: If you notice anything suspicious, contact your financial institution or service provider immediately.
While no immediate action is required, these steps will help safeguard your information against any potential misuse.
File a Data Breach Lawsuit Against Sermo
If you received a data breach notification from Sermo or believe your personal information was exposed, you may be eligible to file or join a class action lawsuit. Compensation may be available for the time spent addressing the breach, any out-of-pocket expenses, and potential damages for identity theft or fraud.
Class action lawsuits serve as a way for individuals affected by breaches to hold companies accountable for not adequately protecting their data. If you’ve been impacted, it’s important to act now.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in data breach lawsuits. Fill out our quick, easy, and secure form to sign up for a free consultation to see if you have a case. There is no cost to reach out to our legal partner, and you are under no obligation after speaking with someone from our team.
