422,000 People Are Affected by the Data Breach at American Addiction Centers

Through a network of rehabilitation centers spread across several states, the Brentwood, Tennessee-based business offers both inpatient and outpatient drug misuse treatment services. It has more than 2,700 employees. Although the problem was discovered on September 26, the attackers had been able to access the company's computers for a few days before and had taken some data during that period.

The group notified the US Department of Health and Human Services in late November that the attack had impacted 410,747 people. American Addiction Centers began distributing written notification letters to all impacted individuals after informing the Maine Attorney General's Office on December 23 that the hackers had stolen the personal data of 422,424 persons.

Names, addresses, phone numbers, birth dates, Social Security numbers, health insurance details, and medical record numbers or other identifiers are among the data that was stolen. The notice letter, a copy of which was sent to the Maine AGO, states that "your treatment information, or payment card data, were not among the affected information."

Although American Addiction Centers claims to be unaware of any identity theft or fraud involving the use of the stolen data, it is offering the impacted individuals free alerts for a year regarding any modifications made to their credit files.

When the Rhysida ransomware gang added American Addiction Centers to its Tor-based leak site in mid-November, it claimed credit for the hack, albeit the organization has not disclosed specifics about the kind of cyberattack it was subjected to. According to the cybercrime gang, it failed to extort American Addiction Centers by stealing approximately 2.8 terabytes of material from the organization and making the majority of it publicly available.