Nearly half a million people had data stolen after cyberattack on American Addiction Centers

Avatar

A September ransomware attack on American Addiction Centers exposed the sensitive healthcare information of more than 400,000 people. 

The company began mailing out breach notification letters ahead of the Christmas holiday, warning 422,424 people that Social Security numbers and health insurance information were among the data leaked during the attack. 

The company runs a network of addiction rehab facilities across California, Florida, Texas, Nevada, Massachusetts, Mississippi, New Jersey and Rhode Island. 

A spokesperson did not respond to requests for comment about whether it was a ransomware attack. The Rhysida ransomware gang — known for several other attacks on healthcare networks in the U.S. — claimed to have attacked American Addiction Centers on November 16. 

The attack was discovered on September 26 when AAC said it “learned it was experiencing a cybersecurity incident.” After notifying law enforcement and hiring experts, an investigation revealed that the hackers had stolen troves of data between September 23 and 26. 

A recent review outlined the data stolen from customers, which includes names, addresses, phone numbers, medical record numbers and more. Payment card data and treatment information were not included in the breach. 

The company also filed breach notices in Texas, where more than 26,000 people were impacted, as well as California

The Rhysida ransomware has targeted other major healthcare operations in the past, attacking a large U.S. hospital network last year and in February shutting down a children’s hospital in Chicago. 

The ransomware-as-a-service operation caused nearly unparalleled damage throughout 2024 with large-scale attacks on the cities of Seattle and Columbus, Ohio that had significant real-world impact. In October the group tried to extort $1.3 million from disability nonprofit Easterseals.

CybercrimeNewsNews BriefsPrivacy
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

FBI attributes largest crypto hack of 2024 to North Korea’s TraderTraitor

Next Post

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

Related Posts

Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers

Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. "The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode] mode and without Secure Boot or standard
Avatar
Read More

THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 – Dec 1)

Ever wonder what happens in the digital world every time you blink? Here's something wild - hackers launch about 2,200 attacks every single day, which means someone's trying to break into a system somewhere every 39 seconds. And get this - while we're all worried about regular hackers, there are now AI systems out there that can craft phishing emails so convincingly, that even cybersecurity
Avatar
Read More