Open Arms Care Data Breach Exposes Sensitive Personal Information

Open Arms Care has disclosed a data security incident involving its email accounts.

The breach involved unauthorized access to email accounts at Open Arms Care Corp. In August 2015, the company detected unusual activity in its email accounts and immediately began an investigation using independent cybersecurity experts to assess the scope of its information security, according to the company's notification.

The investigation determined that some emails containing personal data could have been accessed or acquired without authorization between June and August 2015. The incident was limited to information transmitted through email and did not involve other company information systems.

After identifying that its email accounts had been compromised, Open Arms Care Corp. worked to determine which individuals' information was potentially involved in the incident. That review process concluded on April 30, 2026, approximately 11 years after the breach was first detected. The company then worked to gather up-to-date mailing addresses and other contact details needed to reach potentially affected individuals.

The types of information potentially exposed includes names, Social Security numbers, medical diagnosis and treatment details and health insurance information. In a small number of cases, financial account information may also have been involved.

Open Arms Care's response

The company posted a data privacy notice on its website on June 6, 2026, and began sending notification letters to potentially affected individuals on June 9, 2026, according to the company's notification.

Open Arms Care Corp. stated that it has taken steps to notify affected individuals and provide resources to assist them, according to the company's notification. The notification letters included information about the incident along with guidance on steps people can take to protect their personal information.

The company's notification also outlined measures individuals can take to place fraud alerts or security freezes on their credit files, request free copies of their credit reports and report suspicious activity to law enforcement or the Federal Trade Commission.

In its notice, the company said, "The privacy and protection of personal information is a high priority for OAC, and we sincerely apologize for any inconvenience this incident may cause." Open Arms Care Corp. also stated that it is taking steps to prevent a similar event from occurring in the future.

The company has established a toll-free call center for anyone with questions about the incident or individual concerns. Representatives are available Monday through Friday, 8 a.m. to 8 p.m. Central Time, and can be reached at 1-833-718-9788. Individuals who believe they may have been affected by this incident or who want more information about the types of data that may have been involved are encouraged to call.

The company's notice also informed affected individuals about their rights under the Fair Credit Reporting Act. These rights include the ability to know what is in their credit file and to dispute incomplete or inaccurate information with consumer reporting agencies.