Elara Caring Data Breach Exposes Social Security Numbers and Medical Information

Elara Caring, one of the nation's largest providers of home-based care services, has disclosed a data breach involving one of its third-party vendors.

On Dec. 12, 2025, a third-party vendor notified Elara that an unauthorized actor had accessed and downloaded documents containing patient information from the vendor's system.Elara's own internal systems were not compromised as a result of this incident.

The unauthorized access occurred during two separate periods, between Nov. 4 and 6, 2025, and between Nov. 14 and 17, 2025.

Once Elara learned of the breach from its vendor, the company launched an investigation to determine what information was involved and to identify which patients were affected.

The types of information exposed in the breach included names, addresses, dates of birth, medical records, health insurance information and Social Security numbers.

A total number of 10,490 individuals were affected across the United States, including 3,311 Texas residents and 1,143 Massachusetts residents. Notably, a subsequent filing with the Texas Attorney General updated the number of impacted residents to 2,631. It remains unclear whether this reflects a revised total figure or an increase to the previously reported number.

The company mailed out notification letters to affected individuals on May 12, 2026.

Elara Caring's response to the breach

Elara Caring is offering 24 months of complimentary credit monitoring and remediation services through Cyberscout, a TransUnion company, at no cost. Each affected individual will receive a unique enrollment code in their notification letter.

Elara has also established a dedicated call center for individuals with questions about the breach or who need assistance with the enrollment process. The call center is available Monday through Friday from 8 a.m. to 8 p.m. Eastern time, excluding major U.S. holidays.