American Addiction Centers, Inc. Data Breach

American Addiction Centers (AAC), a Brentwood, Tennessee-based organization providing inpatient and outpatient substance abuse treatment services, recently disclosed a major data breach compromising the personal information of 422,424 individuals. The attack has raised concerns about the security of sensitive patient and employee data within healthcare and rehabilitation networks.

‍

Details of the Data Breach

The data breach was discovered on September 26, 2024, but attackers had accessed the organization’s servers for several days prior. During that time, they extracted a significant amount of sensitive information. By December 23, 2024, AAC had informed the Maine Attorney General’s Office and began notifying affected individuals through written communication.

The stolen data includes:

• Names
• Addresses
• Phone numbers
• Dates of birth
• Social Security numbers
• Health insurance information
• Medical record numbers or other identifiers

According to the notification letters sent to affected individuals, treatment information and payment card data were not included in the breach.

‍

Attackers and Ransomware Claims

While AAC has not publicly disclosed specific details about the nature of the attack, the Rhysida ransomware group has claimed responsibility. In mid-November, the group added AAC to its leak site on the dark web, alleging it had stolen approximately 2.8 terabytes of data. The group later made much of this data publicly available, suggesting their extortion attempts failed.

‍

Potential Risks for Victims

The exfiltrated information places victims at significant risk of:

• Identity theft and financial fraud
• Unauthorized use of health insurance information
• Medical identity theft, which could affect future care or coverage
• Increased phishing attempts and spam communication

Although AAC states that it has not yet identified any fraud or misuse of the stolen data, the long-term risks remain high.

‍

How We Can Help

At Pittman, Dutton, Hellums, Bradley & Mann, P.C., we understand the serious consequences that data breaches can have on victims’ lives. If your information was compromised in the American Addiction Centers data breach, you may be entitled to compensation for:

• Financial losses
• Costs of identity theft protection and recovery
• Emotional distress
• Time and effort spent addressing the breach

Our experienced data breach attorneys can guide you through the legal process and help you seek justice. Whether through negotiation or litigation, we are here to fight for your rights.

‍

What You Should Do Now

If you received a notification letter from AAC, take these steps to protect yourself:

1. Enroll in the free credit monitoring services offered by AAC.
2. Monitor your financial accounts and credit reports for unusual activity.
3. Place a fraud alert or credit freeze on your accounts if you suspect identity theft.
4. Stay vigilant against phishing attempts and avoid sharing sensitive information with unverified sources.

‍

Contact Us for a Free Consultation

Don’t wait to protect your identity and legal rights. If you’ve received a data breach notification from American Addiction Centers, Inc., contact us today for a free consultation. We will help you understand your options and fight for your rights.

‍

‍