Optalis Management Solutions Data Breach Exposes Social Security Numbers

Optalis Management Solutions, the management company behind the Optalis Health & Rehabilitation network of senior care facilities, disclosed a data breach involving unauthorized access to its computer network in April 2025.

According to the company's notification to affected individuals, unauthorized access to the Optalis Management Solutions network occurred between April 14 and April 19, 2025. During that five-day window, an unauthorized party accessed the company's systems and removed a limited amount of personal information from the network.

After discovering the unauthorized access, Optalis Management Solutions launched an investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of incidents. The purpose of the investigation was to determine the full extent of any compromise to the information stored on the company's network.

The investigation and document review, which the company described as comprehensive, concluded on June 10, 2026, more than 13 months after the breach took place.

The investigation determined that the personal information removed from the network included full names and one or more of the following: Social Security numbers, driver's license or state identification numbers, credit or debit card information, financial account information, medical treatment and diagnosis information, and health insurance policy numbers. Because the breach included both financial data and health-related records, the exposed information spans both personally identifiable information and protected health information. The total number of individuals affected nationwide was not included in the available filings.

Optalis' response

The breach was disclosed to the Massachusetts Office of Consumer Affairs and Business Regulation on June 29, 2026, with 20 Massachusetts residents identified as affected. The company began sending written notifications to affected individuals on or about June 29, 2026, and posted a notice on its website with details about the incident and the protective steps people can take.

Given the sensitive nature of the information involved, Optalis Management Solutions is offering complimentary identity theft protection services through IDX, a data breach and recovery services provider. According to the notification, these services include credit and CyberScan monitoring, a $1 million insurance reimbursement policy and fully managed identity theft recovery services. Affected individuals received a personal enrollment code in their notification letter and can enroll by visiting the IDX enrollment website or by scanning a QR code included in the letter. The deadline to enroll is Sept. 25, 2026.

The company also stated that it continually evaluates and modifies its practices and internal controls to enhance the security and privacy of personal information. Individuals with questions about the breach can call a dedicated, confidential toll-free response line at 1-844-806-3780. The line is staffed with professionals familiar with the incident and is available Monday through Friday from 9 a.m. to 9 p.m. Eastern Time.