Strauss Borrelli PLLC, a leading data breach law firm, is investigating Hillcrest Convalescent Center, Inc. (“Hillcrest”) regarding its recent data breach. The Hillcrest data breach may have involved sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT HILLCREST CONVALESCENT CENTER, INC.:
Hillcrest is a senior care organization based in North Carolina. Founded in 1951, Hillcrest offers an array of services to seniors, including inpatient short-term rehabilitation, assisted living, home health services, long term care, and outpatient physical therapy.3 Headquartered in Durham, North Carolina, Hillcrest has two additional locations in North Carolina.
WHAT HAPPENED?
Recently, Hillcrest announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its systems may have been accessed and acquired. According to the breach notice, on June 27, 2024, Hillcrest identified suspicious activity on its network.1 As a result, Hillcrest launched an investigation to determine the nature of the incident.
Through its investigation, Hillcrest confirmed that sensitive personal information in its systems may have been viewed and obtained by an unauthorized third party during the breach. As a result, Hillcrest began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. On February 13, 2025, Hillcrest completed this review. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Address
- Date of birth
- Driver’s license number
- Government issued ID number (e.g., passport, state ID card)
- Financial information (e.g., account number, credit or debit card number)
- Medical information (e.g., patient data, treatment information, health care provider information)
- Health insurance information
On March 3, 2025, Hillcrest posted a notice of the incident on its website. Additionally, on March 2, 2025, Hillcrest began mailing data breach notification letters to impacted individuals. Based on the website breach notice, Hillcrest is providing affected individuals with a list of the specific types of sensitive information impacted. A link to the form breach notification that Hillcrest posted to its website is below.
If you received a breach notification letter from Hillcrest Convalescent Center, Inc.:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
