In December 2024, Health Care and Rehabilitation Services of Southeastern Vermont, Inc. (HCRS) experienced a data breach involving unauthorized access to two staff email accounts. The breach was first discovered on December 20, 2024, after suspicious activity was detected within the organization’s email environment.
Following immediate containment efforts, HCRS launched a thorough investigation with the help of third-party cybersecurity professionals. The forensic review determined that the unauthorized actor accessed the email accounts between approximately December 4, 2024, and December 9, 2024.
Exposed personally identifiable information (PII) included first and last names, dates of birth, Social Security numbers, financial account numbers, and driver’s license numbers. Protected health information (PHI) was also involved, such as dates of treatment or service, individual health insurance information, medical history, patient numbers, medical record numbers (MRNs), healthcare billing information, and other medical treatment details.
Details about the breach, including the types of information exposed and steps for affected individuals, are outlined in the official security incident notice posted by HCRS and in a disclosure to the New Hampshire Attorney General.
To date, we know 70 people in New Hampshire have been affected. We will update this page with more details regarding the number of people affected as more disclosures are made public.
For those potentially affected, HCRS is providing direct notice by mail, as long as a valid mailing address is available. The organization has also set up a dedicated contact person, Rose Nevins-Alderfer, who can be reached at rnevins@hcrs.org for questions and support. In addition, HCRS is establishing a confidential toll-free response line staffed with professionals familiar with the incident.
If you believe you may have been affected, remain vigilant by monitoring your account statements, explanation of benefits forms, and free credit reports for any suspicious activity. You are entitled to one free credit report annually from each of the three major credit reporting bureaus. Affected individuals are also encouraged to consider placing a fraud alert or security freeze on their credit files, and to review their health insurance statements for any unrecognized activity.
For more information about HCRS, visit the official HCRS website.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.