On February 13, 2025, Hillcrest Convalescent Center identified a significant data breach that compromised the personal information of approximately 106,194 individuals across the country.
The breach initially occurred on June 27, 2024, when Hillcrest detected suspicious activity on its internal network. The company quickly secured its systems and engaged third-party cybersecurity experts to investigate the incident thoroughly.
The investigation revealed that unauthorized individuals had gained access to Hillcrest's network, resulting in the unauthorized acquisition of sensitive data.
The types of information exposed in this breach include:
Hillcrest Convalescent Center disclosed the breach to various state authorities and the federal government. Notifications were filed with:
In terms of state-specific impact, the breach affected 2,917 individuals in Texas, 983 individuals in Massachusetts, and 340 individuals in Maine.
Upon discovering the breach, Hillcrest Convalescent Center promptly initiated an internal investigation and secured its network to prevent further unauthorized access. The company engaged cybersecurity experts to identify the scope and nature of the breach and reported the incident to law enforcement.
To support affected individuals, Hillcrest Convalescent Center began notifying consumers on March 3, 2025, through U.S. mail, notices posted on its website, and publication in print media.
The company is offering complimentary credit monitoring and identity restoration services through TransUnion, available for a period of 12 to 24 months, depending on the individual's state of residence. Affected individuals must enroll in these services by June 5, 2025, by visiting the dedicated website or calling the toll-free assistance line at 1-833-799-4042.
Hillcrest advises all potentially impacted individuals to remain vigilant against identity theft and fraud. Recommended actions include regularly reviewing account statements, monitoring credit reports, placing security freezes or fraud alerts on credit files, and promptly reporting any suspicious activity to financial institutions and credit bureaus.