Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

American Addiction Centers Data Breach Impacts 422,000 People

American Addiction Centers says the personal information of more than 422,000 people was stolen in a data breach.

American Addiction Centers is notifying more than 422,000 people that their personal information was stolen in a recent data breach.

The Brentwood, Tennessee-based organization provides inpatient and outpatient substance abuse treatment services through a network of rehabilitation facilities across multiple states. It employs over 2,700 people.

The incident was identified on September 26, but the attackers had access to the organization’s servers for at least several days prior and stole certain data during that time.

In late November, the organization informed the US Department of Health and Human Services that 410,747 individuals were affected by the attack.

On December 23, American Addiction Centers notified the Maine Attorney General’s Office that the attackers stole the personal information of 422,424 people, and that it has started sending written notification letters to all the affected individuals.

The exfiltrated information includes names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, and medical record numbers or other identifiers.

“The affected information did not include your treatment information, or payment card data,” the notification letter, a copy of which was submitted to the Maine AGO, reads.

American Addiction Centers says it is not aware of any identity theft or fraud related to the use of the stolen information, but is providing the affected individuals with 12 months of free alerts on changes made to their credit files.

Advertisement. Scroll to continue reading.

The organization has not shared specific details on the type of cyberattack it fell victim to, but the Rhysida ransomware gang claimed responsibility for the incident in mid-November, when it added American Addiction Centers to its Tor-based leak site.

The cybercrime group said it stole roughly 2.8 terabytes of data from the organization, and has made most of it available publicly, indicating that it failed to extort American Addiction Centers.

Related: 5.6 Million Impacted by Ransomware Attack on Healthcare Giant Ascension

Related: Hacker Leaks Cisco Data

Related: Cruise Giant Carnival Says Customers Affected by Breach

Related: DigitalOcean Discloses Breach Involving Billing Information

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.