Eliza Jennings Data Breach Exposes Social Security Numbers

On Feb. 21, 2025, Cleveland-based nonprofit Eliza Jennings Senior Care Network discovered suspicious activity in its network environment. After launching an investigation with the help of legal counsel and third-party forensic specialists, the organization determined that an unauthorized actor had accessed and potentially copied sensitive data stored within its systems.

The comprehensive review of affected files was completed on April 25, 2025. According to a notice filed with the U.S. Department of Health and Human Services, at least 845 individuals in the United States were affected.

The types of information exposed included a combination of personally identifiable information (PII) and protected health information (PHI): name, address, date of birth, medical diagnosis and treatment information, medication information, vaccination status, health insurance information, Medicare/Medicaid number and Social Security number.

Further compounding the seriousness of the incident, the RansomHub ransomware group claimed responsibility for the attack. On March 21, 2025, the group posted on the dark web, stating they had exfiltrated 250 GB of data from Eliza Jennings and threatening to publish the data within a week. This was a classic ransomware attack, with the threat actor leveraging both data theft and extortion.

The breach was officially disclosed to federal regulators on April 22, 2025, and Eliza Jennings posted a detailed notice to consumers on its website.

Eliza Jennings Senior Care Network's response

In response to the breach, Eliza Jennings took several immediate and longer-term steps. The organization began by securing its network, engaging forensic specialists and legal counsel to investigate the incident, and identifying all individuals whose information was impacted.

To help protect those affected, Eliza Jennings offered 12 to 24 months of complimentary credit monitoring and identity theft restoration services through Identity Defense. Affected individuals received mailed notification letters if a valid address was available. The organization also provided detailed guidance on protecting against identity theft and fraud, including instructions for placing a fraud alert or credit freeze with the major credit bureaus and monitoring credit reports for suspicious activity.

Given the nature of the attack—a ransomware incident involving both PII and PHI—affected individuals should remain vigilant. It is strongly recommended to take advantage of the free credit monitoring services, review account statements and explanation of benefits forms, and check credit reports regularly. Placing a fraud alert or credit freeze can add additional security. The Federal Trade Commission’s identity theft resources are also available for further guidance.

For those who did not receive a notification letter but believe they may be affected, Eliza Jennings has set up a dedicated assistance line at 1-833-998-8247, available Monday through Friday from 8 a.m. to 8 p.m. Eastern Time.

For more information about Eliza Jennings Senior Care Network, please visit their official website.