American Addiction Centers (AAC) has recently disclosed that a significant number of individuals, close to half a million, had their personal and health-related information compromised as a result of a cyberattack that took place in September 2024. The breach at American Addiction Centers targeted sensitive data such as Social Security numbers and health insurance details, affecting a total of 422,424 individuals.
In response to the breach, the company initiated communication with those impacted by sending out notification letters regarding the cyberattack just before the Christmas holiday. The letters, dated December 23, 2024, provided a comprehensive overview of the incident, highlighting that the breach occurred between September 23 and September 26, 2024.
Upon discovering the cyberattack on September 26, AAC acted swiftly, launching an investigation, involving third-party cybersecurity experts, and alerting law enforcement authorities. By October 3, the investigation confirmed that unauthorized individuals had gained access to and extracted data during the specified timeframe.
The compromised data included a range of personal information such as names, addresses, phone numbers, dates of birth, Social Security numbers, and health insurance details. However, the breach did not expose treatment information or payment card data, which the company assured remained secure. Despite the substantial amount of information accessed, AAC stated that there was currently no indication linking the cyberattack to identity theft or fraud.
In their communication to those affected, AAC emphasized their commitment to addressing the situation promptly and implementing additional security measures to prevent similar incidents in the future. The company offered complimentary credit monitoring services for a duration of 12 months to assist in mitigating the risk of identity theft for those impacted by the breach.
Following the breach, AAC collaborated with cybersecurity experts to enhance their systems’ security protocols and continues to review and update their cybersecurity measures to bolster personal data protection moving forward. The company underlined its dedication to transparency by providing a dedicated hotline and offering free identity protection services through Cyberscout, a TransUnion company, to affected individuals.
Individuals impacted by the cyberattack are encouraged to enroll in identity protection services by March 31, 2025, to ensure their data remains safeguarded. AAC assured the public that, despite the breach, there is currently no evidence correlating the exposed data to instances of identity theft or fraud. Nevertheless, affected individuals are advised to remain vigilant, monitor their credit reports regularly, and report any suspicious activity to their financial institutions.
For further support and information, individuals impacted by the breach can reach out to AAC’s dedicated toll-free hotline, available on weekdays from 8:00 a.m. to 8:00 p.m. Eastern Time. The company expressed regret over the incident and reassured the affected individuals of their commitment to personal information confidentiality and security.
As investigations continue, it is recommended that affected individuals monitor their financial accounts closely and take advantage of the identity protection services offered by AAC. Questions regarding protection against identity theft or inquiries about the cyberattack on American Addiction Centers can be directed to AAC’s dedicated call center at 1-833-833-2770.