Next Step Healthcare Data Breach Investigation

Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Next Step Healthcare, LLC data breach.

If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.

About Next Step Healthcare

Next Step Healthcare, LLC is a healthcare management company based in Woburn, Massachusetts. The company operates sixteen nursing homes across the state, providing both short-term rehabilitation and long-term care for individuals with a variety of health needs.

Founded in 2005, Next Step Healthcare employs over 100 people. Their services include skilled nursing, rehabilitation, and specialized programs like Adult Foster Care for those who require significant assistance at home.

Next Step Healthcare has faced regulatory scrutiny in the past, including a $4 million settlement in June 2024 with the Massachusetts Attorney General’s Office over allegations of understaffing and resident neglect.

What Happened?

On June 5, 2024, Next Step discovered suspicious activity in its network. An investigation revealed that data may have been accessed and downloaded without authorization and both personally identifiable information (PII) and protected health information (PHI) of current and former residents were exposed in the data breach.

On May 29, 2025 Next Step issued a press release detailing the cyber security incident and notified impacted individuals by mail. The company reported the data breach to the New Hampshire Attorney General’s Office and disclosed that at least 1,697 people in New Hampshire were affected.

Exposed Information:

• Name
• Date of birth
• Social Security number
• Driver's license number
• Financial account number
• Diagnosis and treatment information
• Additional health-related information

Your Rights and Next Steps

If you received a notice from Next Step Healthcare about this data breach, you have important rights. You are entitled to free credit monitoring and identity theft services, and have the right to seek compensation for any harm or inconvenience caused by this cybersecurity incident.

• Identity Protection Services: Sign up for the free IDX identity protection and CyberScan monitoring offered in the notice you received.
• Monitor your accounts carefully: Check your financial statements regularly for suspicious activity or unauthorized transactions. If you notice anything unusual, contact your financial institution immediately.
• Request your free credit reports: You are entitled to one free credit report annually from each of the three major credit bureaus (Equifax, Experian, and TransUnion).
• Place a fraud alert on your credit files: A fraud alert informs creditors to take extra steps to verify your identity before opening new accounts in your name. You can request a fraud alert by contacting any one of the three major credit bureaus.

Lawyers are ready to help you understand your options and protect your rights. Taking action now can help you recover potential losses and hold companies accountable for protecting your personal information.

You May Be Entitled to Compensation

Lawyers are ready to help you understand your options and protect your rights. If your information was exposed in the Next Step Healthcare data breach, you may be entitled to compensation.

To find out if you qualify to join a lawsuit and receive compensation, take the first step towards justice and complete the form below.

Sources

• Next Step Healthcare, LLC Notice of Data Breach
• New Hampshire Attorney General Disclosure
• Massachusetts Attorney General Disclosure
• Vermont Attorney General Disclosure
• Department of Health and Human Services