01
On your device
Your email becomes a one-way fingerprint in your browser. The address itself never leaves the page.
Private health-data breach check
Has your medical life been exposed?
Check your email against known health-data breaches. The check runs on your device, so your address never leaves this page.
1B+records exposed in reported U.S. healthcare breaches since 2009.
Free · No account · We never store your email
On device
On your device · SHA-1 fingerprint
These 6 characters are all that leave this page.
Everything else stays on your device. Cellar's own server never sees it.
1,035,080,818 individual records have been exposed in reported U.S. healthcare breaches since 2009.
individual records exposed in reported U.S. healthcare breaches since 2009. That is more than 3.1 times the U.S. population.
139,609,238people affected in 2025 alone
788reported breaches in 2025
192,700,000from one incident (Change Healthcare, Inc., 2024)
382,491people affected every day in 2025
Source: Cellar analysis of the HHS OCR breach portal, June 2026. These are public figures, not Cellar data.
How it works
Built so we cannot see your email
02
Six characters
Only the first six characters of that fingerprint are sent. Cellar and the breach service both see only those six.
03
Matched here
The matching breaches come back, and the final match happens on your device. Nothing about you is stored.
Awareness · not confirmed for youHHS OCR portal
Were you a patient at a breached organization?
Search U.S. healthcare breaches of 500 or more patients, reported to the Department of Health and Human Services. This is public, organization-level information. Appearing here does not mean your data was exposed, only that the organization reported a breach.
Loading…
Directory last rebuilt June 2026. Covers 7,730 U.S. healthcare breaches reported to HHS, 2009 to 2026.
Outside the U.S. there is no public per-breach health registry, so this directory is U.S. only. The email check above is worldwide. In the EU, ENISA Health Threat Landscape found health providers were 53% of analyzed health-sector cyber incidents (2021 to 2023), with ransomware in 54%.
Breach data from Have I Been Pwned, used under CC BY 4.0. Awareness data from the HHS Office for Civil Rights breach portal.
Questions
Honest about what this can and cannot tell you
How do I check if my health data has been breached?
Enter your email above. It is turned into a one-way fingerprint in your browser, and only the first six characters are sent, so your email never leaves your device. You get back the breaches your email appears in, plus a searchable directory of reported U.S. healthcare breaches.
Is this health data breach check free?
Yes. The check is free and needs no account, and the full report is shown with no email gate.
Does the tool store or see my email address?
No. Your email is hashed on your device with SHA-1, and only a six-character prefix of that hash is sent. Cellar's server and the breach service both see only those six characters, which match millions of addresses.
How can I verify my email never leaves the page?
Open your browser's network panel and run a check: the only request carries a six-character prefix. The tool also shows you that exact request inline.
What is the difference between the Verified and Awareness results?
Verified means your email address was found in a specific breach. Awareness lists U.S. healthcare organizations that reported a breach to the government. That is public, organization-level information, and it is never confirmed for you personally.
Does a clean result mean my medical data was never exposed?
No. The check only covers breaches that have been made public and added to these sources. Many breaches are never disclosed, and one can surface long after it happens, so treat a clean result as good news rather than a guarantee.
How much health data has been breached in the United States?
More than one billion individual records have been exposed in reported U.S. healthcare breaches since 2009, over three times the U.S. population, across more than 7,700 reported breaches. (Cellar's analysis of the public HHS Office for Civil Rights breach portal.)
What should I do if my medical data was breached?
Change any reused passwords and turn on two-factor authentication, be wary of targeted phishing that references real details about you, and consider a credit freeze if identity or financial data was exposed. A breach cannot be undone, so what you most control is where your records live going forward.
Does this work outside the United States?
Yes, for the email check. It looks your email up against Have I Been Pwned, which indexes breaches worldwide, so it works anywhere. The organization directory is U.S. only, because it is built from the U.S. HHS breach portal and there is no public per-breach health registry elsewhere.
What about European or GDPR health breaches?
Europe has no public per-breach health registry: GDPR breach notifications are confidential to national regulators, so there is no directory to search. The email check still covers European breaches. For scale, ENISA reports that health providers accounted for 53% of analyzed EU health-sector cyber incidents from 2021 to 2023, with ransomware in 54%.
What is Cellar?
Cellar is a private, encrypted home for your medical records. It reads and organizes your labs, scans, and notes into one source-linked timeline you can search, ask in plain language, and share read-only with a clinician. This tool is built the same way Cellar is: it refuses to collect your data even when it easily could.
Going forward
Your medical life, carefully kept.
A breach cannot be undone. What comes next can live in one private, encrypted place that reads and organizes your records into a timeline you control. Prepare a record packet after an exposure, then share it read-only with a clinician.