Strauss Borrelli PLLC, a leading data breach law firm, is investigating American Addiction Centers, Inc. and its affiliated providers, including AdCare, the Greenhouse, Desert Hope Center, Oxford Treatment Center, Recovery First, Sunrise House, River Oaks Treatment Center, and Laguna Treatment Hospital, (“AAC”) regarding its recent data breach. The AAC data breach may have involved sensitive personal information belonging to an undetermined number of individuals.
ABOUT AMERICAN ADDICTION CENTERS, INC.:
AAC is a behavioral healthcare network based in Tennessee. Founded in 2007, AAC specializes in addiction disorders, using research-based treatments to help clients with drug addiction, alcohol addiction, and mental and behavioral health issues.2 Today, AAC offers care through its nationwide network of rehab facilities, with programs in California, Florida, Texas, Nevada, Massachusetts, Mississippi, New Jersey, and Rhode Island.2 Headquartered in Brentwood, Tennessee, AAC employs over 1,000 individuals.
WHAT HAPPENED?
Recently, AAC reported to the Attorney General of Vermont that it had experienced a data breach in which sensitive personal identifiable information in its systems may have been accessed. According to the breach notice, on or around September 26, 2024, AAC became aware that it was experiencing a cybersecurity incident. As a result, AAC launched an investigation to determine the nature of the incident.
Through its investigation, on October 3, 2024, AAC confirmed that sensitive personal information in its systems may have been compromised by an unauthorized third party between September 23 and September 26, 2024. As a result, AAC began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. The exact type of personal information potentially exposed has not been made publicly available by AAC. However, according to state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license or other government issued ID card numbers (e.g., individual taxpayer ID number, passport number, military ID card number)
- Financial account number or credit or debit card number
- Unique biometric data (e.g., fingerprint, retina or iris image, or other unique biometric representation)
- Genetic information
- Health record or records of a wellness program or similar program of health promotion or disease prevention (e.g., healthcare professional’s medical diagnosis or treatment of the consumer, health insurance policy number)
In December 2024, AAC began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Vermont residents, AAC is providing affected individuals with a list of the specific types of sensitive information impacted and 12 months of complimentary credit monitoring services. A link to the form breach notification letters that AAC filed with the Attorney General of Vermont is below.
If you received a breach notification letter from American Addiction Centers, Inc.:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
