Excelas (Ocelot Ventures, LLC) disclosed unauthorized access to its systems between November 27 and December 3, 2025, with compromised data spanning PII, PHI, and financial account details. For organizations that share data with Excelas as a business services vendor, this is a third-party data exposure event requiring vendor risk management response, regulatory notification assessment, and identity monitoring for affected individuals.