Strauss Borrelli PLLC, a leading data breach law firm, is investigating Cedar Valley Hospice (“Cedar Valley”) regarding its recent data breach. The Cedar Valley data breach involved sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT CEDAR VALLEY HOSPICE:
Cedar Valley is a hospice and palliative care organization based in Iowa. Founded in 1979, Cedar Valley provides a range of hospice care services to patients and their families, including palliative care, dementia care, short-term respite homes, grief support, confidential case management, and more.2,3 Headquartered in Waterloo, Iowa, Cedar Valley employs over 50 individuals and serves a 15 county area in northeast Iowa through offices and care centers in Waterloo, Grundy Center, Waverly, and Independence, Iowa.2,3
WHAT HAPPENED?
Recently, Cedar Valley reported to the Attorney General of Iowa that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice, on November 11, 2025, Cedar Valley detected suspicious activity on its network.1 As a result, Cedar Valley launched an investigation to determine the nature of the incident.
Through its investigation, Cedar Valley confirmed that sensitive personal information in its systems may have been accessed and acquired by an unauthorized third party during the breach. As a result, Cedar Valley began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Driver’s license information
- Health information
- Financial account information
On March 4, 2026, Cedar Valley began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Iowa residents, Cedar Valley is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification letters that Cedar Valley filed with the Attorney General of Iowa is below.
If you received a breach notification letter from Cedar Valley Hospice:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
