Infinity Rehab and Avamere Health Services notify 380,984 patients about breach at Avamere (with updates)

Posted on by Dissent

In April 2022, DataBreaches became aware of a possible breach involving Avamere Holdings, a group of companies providing senior living healthcare and rehabilitation services including IT services.

Today, we learned that they did have a breach of their network. Premere Rehab, LLC (“Infinity Rehab”) reported that Avamere Health Services had alerted them that they had suffered intermittent unauthorized network access between January 19, 2022 and March 17, 2022. The bad actor appears to have removed a number of files and folders that contained protected health information:  names, addresses, dates of birth, driver’s license or state identification numbers, Social Security numbers, claims information, financial account numbers, medications information, lab results, and medical diagnosis/conditions information. Not all data types were involved for all patients.

Infinity Rehab’s notice was filed on behalf of the following entities:

    • Bethany at Pacific
    • Bethany at Silver Lake
    • Cascadia Healthcare
    • Christian Living Communities
    • Columbia Lutheran Home
    • Good Samaritan Society
    • Goodman Group
    • Kin On Health Care Center
    • Mission Healthcare at Bellevue, JV
    • Mission Healthcare at Renton
    • Pinecrest Community
    • Prestige Care
    • Rockwood at Hawthorne
    • Rockwood South Hill
    • Summitview Healthcare Center

 Infinity Rehab’s full notification can be found on their website

The incident was reported to HHS on July 13 as impacting 183,254 patients.  At the same time, Avamere Health Services also reported the incident to HHS as impacting 197,730 patients.

Avamere’s notification was made on behalf of the following entities:

    • A-One Home Health Services, LLC
    • Avamere at Albany
    • Avamere at Bethany
    • Avamere at Cascadia Village
    • Avamere at Chestnut Lane
    • Avamere at Englewood Heights
    • Avamere at Hermiston
    • Avamere at Hillsboro
    • Avamere at Las Vegas
    • Avamere at Lexington
    • Avamere at Moses Lake
    • Avamere at Mountain Ridge
    • Avamere at Newberg
    • Avamere at Oak Park
    • Avamere at Pacific Ridge
    • Avamere at Park Place
    • Avamere at Port Townsend
    • Avamere at Rio Rancho
    • Avamere at Roswell
    • Avamere at Sandy
    • Avamere at Seaside
    • Avamere at Seaside
    • Avamere at Sherwood
    • Avamere at South Hill
    • Avamere at St. Helens
    • Avamere at the Stratford
    • Avamere at Three Fountains
    • Avamere at Waterford
    • Avamere at Wenatchee
    • Avamere Court at Keizer
    • Avamere Crestview of Portland
    • Avamere Fern Gardens Memory Care
    • Avamere Gresham Rehabilitation and Specialty Care
    • Avamere Harmony House of Bend
    • Avamere Health Services of Rogue Valley
    • Avamere Heritage Rehabilitation of Tacoma
    • Avamere Home Health Care, LLC
    • Avamere Living at Berry Park
    • Avamere Olympic Care of Sequim
    • Avamere Rehabilitation at Fiesta Park
    • Avamere Rehabilitation of Beaverton
    • Avamere Rehabilitation of Cascade Park
    • Avamere Rehabilitation of Clackamas
    • Avamere Rehabilitation of Coos Bay
    • Avamere Rehabilitation of Eugene
    • Avamere Rehabilitation of Hillsboro
    • Avamere Rehabilitation of Junction City
    • Avamere Rehabilitation of King City
    • Avamere Rehabilitation of Lebanon
    • Avamere Rehabilitation of Newport
    • Avamere Rehabilitation of Oregon City
    • Avamere Rehabilitation of Richmond Beach
    • Avamere Riverpark of Eugene
    • Avamere St. Francis of Bellingham
    • Avamere Transitional Care and Rehabilitation-Bellingham
    • Avamere Transitional Care and Rehabilitation-Boise
    • Avamere Transitional Care and Rehabilitation-Brighton
    • Avamere Transitional Care and Rehabilitation-Malley
    • Avamere Transitional Care at Sunnyside
    • Avamere Transitional Care of Puget Sound
    • Avamere Twin Oaks of Sweethome
    • Bend Transitional Care
    • Infinity Rehab
    • Laurelhurst Village
    • Northwest Hospice, LLC
    • NP2U, LLC
    • Prime Home Health, LLC
    • Queen Anne Healthcare
    • Salem Transitional Care
    • Signature Coastal, LLC
    • Signature Home Health Bend, LLC
    • Signature Hospice Eugene, LLC
    • Signature Hospice Medford, LLC
    • Signature Hospice Nampa, LLC
    • Signature Hospice Oregon Coast, LLC
    • Suzanne Elise Assisted Living Facility
    • The Arbor at Avamere Court
    • The Arbor at Bend
    • The Arbor at Bremerton
    • The Pearl at Kruse Way
    • The Stafford

Avamere’s full notification can be found on their website.

Both Infinity Rehab and Avamere are offering those affected complimentary credit monitoring as well as advice on how to protect oneself.

Whether there are any other clients of Avamere who will also issue their own notification remains to be seen.  DataBreaches has not seen this breach listed on any dark web leak sites, but will continue to monitor sites to see if any data shows up.

Update: Post-publication, DataBreaches discovered that the April note was because of a mention on a dedicated leak site associated with a ransomware group. In checking back on that site now, we see that they wound up dumping data from Avamere that included employee information and patient information.

Update2 (Aug.16):  Multicare in Washington revealed that 18,615 patients were affected by Avamere’s breach. Avamare’s notification (above) was not on behalf of Multicare. King5 reports that Avamere provides contracted services to Physicians of Southwest Washington, which is a joint venture and business associate of MultiCare.

 

Category: HackHealth DataOf NoteSubcontractorU.S.