American Addiction Centers reports data breach
Learn More
American Addiction Centers reports a data breach, described as a "hacking / IT incident" involving a network server.
American Addiction Centers, founded in 2007 and based in Brentwood, Tennessee, is the operator of the largest network of rehabilitation facilities in the country. The company provides substance abuse treatment services across multiple states including California, Florida, Texas, Nevada, Massachusetts, Mississippi, New Jersey, and Rhode Island.
No details are disclosed about the attack, including:
- The specific types of sensitive information that were exposed
- The total number of affected individuals
- The exact date when the breach was discovered
- The method or attack vector used by the unauthorized party
- Whether the incident involved ransomware or data exfiltration
- The monetary impact of the breach
The company has indicated that they will be sending personalized data breach notification letters to affected individuals, which will detail the specific information compromised for each recipient.
Update - as of 27th of December 2024, American Addiction Centers reports that the incident occurred between September 23 and September 26, 2024, with data theft confirmation by investigators on October 3. The breach impacted 422,424 individuals, with the following sensitive information exposed:
- Names
- Addresses
- Phone numbers
- Dates of birth
- Medical record numbers and other identifiers
- Social Security numbers
- Health insurance information
- Patient status at addiction treatment center
The Rhysida ransomware group claimed responsibility for the attack in November 2024, stating they had stolen 2.8 terabytes of data and claimed to have sold 10% of the data before leaking the remainder online.
