Healthcare Therapy Services Data Breach Exposes Social Security Numbers

On April 29, 2025, Healthcare Therapy Services, a provider of physical, occupational and speech therapy services in the Midwest and Southern United States, detected suspicious activity within its internal email systems. An investigation revealed that personal and protected health information belonging to patients may have been compromised. So far, the data breach has impacted at least 15,027 current and former patients across the U.S.

A review took place and on Sept. 9, 2025, it was determined that the cyberattack exposed names, Social Security numbers, medical records, medical information, driver’s licenses and financial account information.

HTS published a data security incident notice on its website and began notifying affected individuals by mail on Nov. 7, 2025. The data breach was also disclosed to the Massachusetts Attorney General and the U.S. Department of Health and Human Services on Nov. 8, 2025. This type of cybersecurity incident puts people involved at risk for identity theft and medical or financial fraud.

Healthcare Therapy Services' response

After discovering the incident, Healthcare Therapy Services engaged cybersecurity experts to investigate and determine the scope of the data compromised. In addition to state and federal disclosures, HTS is offering impacted individuals 24 free months of IDX credit monitoring and identity theft protection services, which include CyberScan monitoring, $1 million insurance reimbursement policy and fully managed identity theft recovery assistance.

If you receive a data breach notice from Healthcare Therapy Services, you may want to:

• Sign up for the free identity theft protection and credit monitoring services, offered by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

The healthcare organization has also established a call center for individuals with questions about the incident at 1-833-274-5072, Monday through Friday from 9:00 a.m. to 9:00 p.m. Eastern Time.