SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

American Addiction Centers Data Breach Impacts 422,000 People

American Addiction Centers says the personal information of more than 422,000 people was stolen in a data breach.

American Addiction Centers is notifying more than 422,000 people that their personal information was stolen in a recent data breach.

The Brentwood, Tennessee-based organization provides inpatient and outpatient substance abuse treatment services through a network of rehabilitation facilities across multiple states. It employs over 2,700 people.

The incident was identified on September 26, but the attackers had access to the organization’s servers for at least several days prior and stole certain data during that time.

In late November, the organization informed the US Department of Health and Human Services that 410,747 individuals were affected by the attack.

On December 23, American Addiction Centers notified the Maine Attorney General’s Office that the attackers stole the personal information of 422,424 people, and that it has started sending written notification letters to all the affected individuals.

The exfiltrated information includes names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, and medical record numbers or other identifiers.

Advertisement. Scroll to continue reading.

“The affected information did not include your treatment information, or payment card data,” the notification letter, a copy of which was submitted to the Maine AGO, reads.

American Addiction Centers says it is not aware of any identity theft or fraud related to the use of the stolen information, but is providing the affected individuals with 12 months of free alerts on changes made to their credit files.

The organization has not shared specific details on the type of cyberattack it fell victim to, but the Rhysida ransomware gang claimed responsibility for the incident in mid-November, when it added American Addiction Centers to its Tor-based leak site.

The cybercrime group said it stole roughly 2.8 terabytes of data from the organization, and has made most of it available publicly, indicating that it failed to extort American Addiction Centers.

Related: 5.6 Million Impacted by Ransomware Attack on Healthcare Giant Ascension

Related: Hacker Leaks Cisco Data

Related: Cruise Giant Carnival Says Customers Affected by Breach

Related: DigitalOcean Discloses Breach Involving Billing Information

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: A Step-by-Step Approach to AI Governance
April 28, 2026

With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

MongoDB has appointed Doug Bowers as Chief Information Security Officer.

Ben Wilkens has been promoted to Director of Cybersecurity at NMFTA.

Cato Networks has appointed Meital Koren as Chief Legal Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.