Ransomware Attack Exposes Data Of Over 400,000 At American Addiction Centers

A ransomware attack on American Addiction Centers (AAC) in September exposed the sensitive information of over 400,000 individuals, as reported by The Record.

The Record reported that the breach impacted 422,424 people, compromising data such as Social Security numbers, addresses, phone numbers, and health insurance details. Payment card information and treatment records were not included.

The healthcare provider, which operates addiction rehab facilities across eight states, started sending breach notification letters before the holiday season.

AAC filed breach notices in Texas and California, where more than 26,000 individuals were affected. The incident came to light on September 26, when AAC discovered it was facing a cybersecurity breach. An investigation revealed that hackers accessed and stole data between September 23 and 26, as reported by The Record.

The Record reports that although the company has not confirmed the attack’s nature, the Rhysida ransomware gang claimed responsibility on November 16. Rhysida is notorious for targeting U.S. healthcare networks, including a children’s hospital in Chicago and a large hospital network last year.

The Record notes that Rhysida’s ransomware-as-a-service operations have caused extensive damage throughout 2024. High-profile incidents include attacks on Seattle and Columbus, Ohio, causing widespread disruptions, and an attempted $1.3 million extortion from nonprofit Easterseals in October.

AAC has yet to comment on the breach or the alleged ransomware attack. Law enforcement and cybersecurity experts are working to address the incident, said The Record.

The attack highlights the escalating threat ransomware poses to the healthcare sector, which faces both operational and reputational risks. Recently, several healthcare providers have been targeted in cybersecurity incidents.

Healthcare organizations are prime targets due to weak security and the highly valuable data they store. Leaked information can be exploited for health identity fraud, enabling attackers to access prescription medications, as noted by Cyber News.

For example, in October, over 100 million Americans’ healthcare records were stolen in a ransomware attack on Change Healthcare. Around the same time, India’s largest health insurer, Star Health, was targeted, resulting in a data leak and a $68,000 ransom demand.

Earlier this year, 23andMe, a popular genetic testing service, alerted customers of a breach where hackers used credential stuffing to steal sensitive data, including genotype and health reports.

In November, the WHO issued a warning about the surge in ransomware attacks on healthcare systems, emphasizing that these attacks are not just security breaches, but life-or-death risks. The increasing frequency of such incidents costs the industry billions annually, underscoring the need for global cooperation to improve cybersecurity