Averhealth Data Breach Investigation
Averhealth Holdings has reported a data incident that may have involved sensitive personal and health information. If you received a notice, you may be wondering what happened, what information was involved, and what steps to take now. This page summarizes the publicly available details in plain English and explains common next steps for protecting yourself. If you want to understand whether you may have a legal claim, you can fill out the form on this page to contact Strauss Borrelli PLLC.
Averhealth Holdings is a Virginia healthcare company that, according to its website, provides substance use monitoring and treatment-related services. When a healthcare organization reports a cybersecurity event, people naturally worry about identity theft, medical privacy, and whether their information could be misused.
Key Facts at a Glance
- Company: Averhealth Holdings
- Industry: Healthcare
- Reported incident type: Hacking/IT Incident
- Reported incident timeframe: December 19, 2025 to January 21, 2026
- Notice date: July 2, 2026
- Public listing date: July 15, 2026
- Regulatory context: State Attorney General filings were reported in Vermont and Massachusetts
- Information that may have been involved: Name, Social Security number, date of birth, driver’s license number, medical record number, health records, and health insurance information
- Affected population: A total number of affected individuals was not stated in the materials reviewed
What Happened?
According to the available regulatory information, this was reported as a hacking/IT incident. The incident activity was listed as occurring between December 19, 2025 and January 21, 2026, and notice letters were dated July 2, 2026.
At the time of writing, detailed narrative information from the official public materials available for review is limited. That means readers should rely on their individual notice letter and the company’s incident webpage for the most specific information about what the company says happened and whether any services were offered.
If you received a notice, read it carefully from start to finish. Individual letters sometimes explain whether the listed information categories apply generally or specifically to you.
What Information Was Exposed?
Based on the reported data categories associated with this incident, the information that may have been involved includes:
- Name
- Social Security number
- Date of birth
- Driver’s license number
- Medical record number
- Health records
- Health insurance information
That combination is significant because it may create both financial identity theft risk and medical privacy concerns. Even if you have not seen fraud yet, it is wise to treat this type of notice seriously and begin monitoring right away.
What Should You Do Next?
- Keep the notice. Save the letter or email you received, along with the envelope and any claim, reference, or call-center numbers.
- Confirm what applies to you. Check whether your notice says all listed categories may have been involved or whether it identifies only certain data elements connected to your file.
- Protect your credit. If your Social Security number or driver’s license number may have been involved, consider placing a fraud alert or security freeze with the major credit bureaus.
- Watch financial and medical activity. Review bank statements, insurance statements, explanation-of-benefits forms, and medical bills for unfamiliar activity or services you did not receive.
- Strengthen account security. Change passwords on important accounts if you reused them elsewhere, and enable multi-factor authentication where available.
- Document your time and losses. Keep records of any expenses, account issues, denied claims, tax problems, or time spent responding to the incident.
- Ask about your legal options. If you want to find out whether you may qualify for a claim, you can fill out the form on this page to contact Strauss Borrelli PLLC.
Your Legal Rights
People affected by a reported data incident may have legal rights, but those rights depend on the facts, the type of information involved, and the laws that apply. In some situations, individuals may be able to pursue claims related to out-of-pocket losses, time spent dealing with fraud or account problems, or the risks created by the exposure of highly sensitive personal and medical information.
Healthcare-related incidents can raise additional concerns because medical record numbers, health records, and insurance information may be difficult to replace and can be misused in ways that are not immediately obvious. That does not mean every notice leads to a lawsuit, but it does mean affected individuals should take the event seriously and understand their options before deadlines pass.
A lawyer can help evaluate whether the reported safeguards, response timeline, and notice process appear adequate based on the information that becomes publicly available. This page is for general information only and is not individualized legal advice.
Why Hire Strauss Borrelli PLLC?
Strauss Borrelli PLLC focuses on representing consumers in data breach and privacy matters. Our firm has experience investigating cybersecurity incidents and pursuing claims on behalf of people whose sensitive information was put at risk.
If you received a notice connected to this reported incident, our team can help review the publicly available information, explain the claims process in plain English, and assess whether you may have a viable case. Contact Strauss Borrelli PLLC or use the form on this page to request a free review.
If you received a breach notification letter from Averhealth:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.










