Averhealth Data Breach Compromises PHI and PII

Published
July 15, 2026
Updated
July 15, 2026
Averhealth Data Breach Compromises PHI and PII
Averhealth
Affected by the data breach? You may be entitled to compensation. Submit a claim today.

Averhealth Holdings, the parent company of Averest Inc., disclosed a data breach involving unauthorized access to its email environment. The total number of people affected by the breach nationwide has not been disclosed, however, at least 858 individuals in Vermont and 35 in Massachusetts were affected.

On Jan. 20, 2026, Averhealth detected unusual activity in Averest's email environment. The company contained the incident and began an investigation with the help of external cybersecurity professionals.

The investigation found that an unauthorized party gained access to the company's network between Dec. 19, 2025, and Jan. 21, 2026. On May 6, 2026, Averhealth discovered that the unauthorized party had potentially accessed or acquired certain files containing personal information.

The incident compromised both personally identifiable information (PII) and protected health information (PHI) exposed included names, dates of birth, driver's license numbers, digital or electronic signatures, Social Security numbers, patient account numbers, clinical information, diagnoses, health insurance policy-related numbers, medical costs, medical dates of service, medical history, medical provider names, medical record numbers, medical treatment and procedure information, and mental or physical conditions.

Averhealth began notifying posted a notice on its website with details about the incident.

On or about July 2, 2026, Averhealth began sending notification letters to potentially affected individualss.

Averhealth Holdings' response to the breach

Averhealth is providing complimentary credit monitoring services for individuals whose Social Security numbers were impacted by the breach. The company did not specify the duration of the credit monitoring or the provider offering the service.

Because this breach involved Social Security numbers, medical records, substance use disorder diagnoses and information about minors, affected individuals should consider acting quickly to protect themselves.

Affected individuals with questions about the incident, or those who want to determine whether they were affected, can contact the company's dedicated response line at 844-959-7153. The line is available Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern time, excluding holidays.

SUBMIT YOUR CLAIM TO THE LAW FIRM HANDLING THIS INVESTIGATION

Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info
  • Affected information types not yet disclosed

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Affected Entity
Averhealth
Consumers Notification date
Date of Breach
December 19, 2025 to January 21, 2026
Breach Discovered Date
Total People Affected
Information Types Exposed
  • Health Records
  • Social Security number
  • Clinical information
  • Date of birth
  • Diagnosis
  • Digital / electronic signature
  • Driver’s license number
  • Full name
  • Health insurance policy-related number
  • Medical cost
  • Medical
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image