American Addiction Centers Ransomware Attack Affects Almost 411,000 Patients
American Addiction Centers, Inc., a Brentwood, TN-based addiction rehabilitation center, has recently confirmed that 410,747 current and former patients have been affected by a cybersecurity incident and may have had their protected health information stolen. A copy of the individual notification letters was sent to the Maine Attorney General confirming that the compromised data included names, addresses, phone numbers, dates of birth, medical record numbers, other identifiers, Social Security numbers, and health insurance information. The unauthorized third party did not obtain any financial or treatment information. The stolen data related to patients of American Addiction Centers as well as its affiliated providers, AdCare (MA & RI), the Greenhouse (TX), Desert Hope Center (NV), Oxford Treatment Center (MS), Recovery First (FL), Sunrise House (NJ), River Oaks Treatment Center (FL), and Laguna Treatment Hospital (CA).
The cyberattack was detected on or around September 26, 2024, and third-party cybersecurity experts were engaged to investigate the incident. American Addiction Centers said the attack was quickly contained and law enforcement was notified. The forensic investigation confirmed that a threat actor had access to its systems between September 23 and September 24, 2024, and during that time, exfiltrated files that included patient information.
American Addiction Centers said protective measures had been implemented prior to the attack to safeguard patient data, and additional security protocols will be implemented to enhance the security of its IT environments. The affected individuals were notified by mail on December 23, 2024, and have been offered complimentary single bureau credit monitoring, credit report, and credit score services for 12 months.
The notification letters do not state the name of the threat actor behind the attack; however, the Rhysida ransomware group has claimed responsibility. Rhysida has conducted many attacks on healthcare organizations including Prospect Medical, Lurie Children’s Hospital, and Axis Health System. Rhysida attempts to sell the stolen data if the ransom is not paid. If a buyer can’t be found, the stolen data is leaked on the group’s data leak site, as was the case with this attack. The group leaked the 2.8 TB of data that could not be sold. As such, individuals who receive a notification letter about the data breach should ensure they sign up for the credit monitoring services as soon as possible and should monitor their accounts carefully.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
