Blue & Co., LLC Data Breach Investigation

On November 7, 2024, an unauthorized character gained access to Blue & Co.’s IT environment. The breach was discovered on December 7, 2024; and, in May 2025, it was determined that individuals’ personally identifiable information (“PII”) and protected health information (“PHI”) was compromised during the breach. The types of PII and PHI compromised during the breach were names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, individual tax identification numbers, financial account information with or without access credentials, medical information, medical record numbers, diagnostic information, procedure types, admission dates, patient identification numbers, Medicare identification numbers, billing / claims information, patient encounter numbers, treatment locations, treatment costs, prescription information, mental or physical conditions, treating/referring physicians, diagnostic codes, username/passwords, and health insurance information. The PII and PHI was provided to Blue & Co. by its clients which may include hospitals, physician groups, dental practices and pharmacies. Beginning on July 3, 2025, Blue & Co. began sending notification letters to affected individuals. If you or someone you know receives a notification letter about the data breach and would like additional information about your legal rights, you can contact Goldenberg Schneider, LPA by calling 513-982-1569, sending an email to [email protected] or completing the “Contact Us” form to the right.