Hillcrest Data Breach Impacts 106,194 People: Leaks PII & PHI

Published
March 6, 2025
Updated
March 16, 2025
Hillcrest Data Breach Impacts 106,194 People: Leaks PII & PHI
Hillcrest Convalescent Center
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

Hillcrest Convalescent Center

data breach?

Join the Lawsuit

It's free to join. 

On February 13, 2025, Hillcrest Convalescent Center identified a significant data breach that compromised the personal information of approximately 106,194 individuals across the country.

The breach initially occurred on June 27, 2024, when Hillcrest detected suspicious activity on its internal network. The company quickly secured its systems and engaged third-party cybersecurity experts to investigate the incident thoroughly.

The investigation revealed that unauthorized individuals had gained access to Hillcrest's network, resulting in the unauthorized acquisition of sensitive data.

The types of information exposed in this breach include:

  • Names
  • Addresses
  • Dates of birth
  • Social Security numbers
  • Driver's license numbers
  • Government-issued ID numbers (such as passports and state ID cards)
  • Financial information (such as account numbers, credit or debit card numbers)
  • Medical information, including patient data and treatment details
  • Health insurance information
  • Health care provider information
  • Additional personal details

Hillcrest Convalescent Center disclosed the breach to various state authorities and the federal government. Notifications were filed with:

In terms of state-specific impact, the breach affected 2,917 individuals in Texas, 983 individuals in Massachusetts, and 340 individuals in Maine.

Hillcrest Convalescent Center's response

Upon discovering the breach, Hillcrest Convalescent Center promptly initiated an internal investigation and secured its network to prevent further unauthorized access. The company engaged cybersecurity experts to identify the scope and nature of the breach and reported the incident to law enforcement.

To support affected individuals, Hillcrest Convalescent Center began notifying consumers on March 3, 2025, through U.S. mail, notices posted on its website, and publication in print media.

The company is offering complimentary credit monitoring and identity restoration services through TransUnion, available for a period of 12 to 24 months, depending on the individual's state of residence. Affected individuals must enroll in these services by June 5, 2025, by visiting the dedicated website or calling the toll-free assistance line at 1-833-799-4042.

Hillcrest advises all potentially impacted individuals to remain vigilant against identity theft and fraud. Recommended actions include regularly reviewing account statements, monitoring credit reports, placing security freezes or fraud alerts on credit files, and promptly reporting any suspicious activity to financial institutions and credit bureaus.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Consumers Notification date
March 3, 2025
Date of Breach
Breach Discovered Date
February 13, 2025
Total People Affected
106194
Information Types Exposed
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image