Hillcrest Convalescent Center Data Breach Lawsuit Investigation
Was your personal or medical information exposed by Hillcrest Convalescent Center? More than 106,000 patients now face the risk of identity theft and medical fraud after a sweeping cyber-attack. Find out how to protect yourself and see if you qualify for compensation today.
What Happened?
Hillcrest Convalescent Center—North Carolina’s first certified skilled nursing facility—detected suspicious network activity on June 27, 2024. A months-long forensic investigation confirmed on February 13, 2025 that unauthorized actors accessed and removed sensitive patient data. The breach affects approximately 106,194 individuals nationwide.
What Information Was Exposed?
The compromised data set includes both personally identifiable information (PII) and protected health information (PHI):
- Full names & addresses
- Dates of birth & Social Security numbers
- Driver’s license or other government-issued ID numbers
- Financial details (bank, credit or debit card numbers)
- Medical records, treatment details & provider information
- Health-insurance policy data
How Hillcrest Responded
The company says it immediately contained the intrusion, engaged third-party cyber-security experts, and notified law enforcement. Formal breach reports were filed with multiple regulators, including the California, Maine, Massachusetts, and Texas Attorneys General, as well as the U.S. Department of Health & Human Services (HHS).
Free Credit Monitoring—Enrollment Deadline June 5, 2025
Hillcrest is offering 12–24 months of complimentary credit monitoring and identity-restoration services through TransUnion. Impacted patients must enroll by June 5, 2025. For assistance, call the dedicated help line at 1-833-799-4042.
Can You File a Data Breach Lawsuit Against Hillcrest Convalescent Center?
If your information was included in the breach, you may be eligible to seek monetary damages for:
- Time and money spent mitigating fraud
- Out-of-pocket expenses for credit services
- Emotional distress & loss of privacy
- Future identity-theft risks
Class-action attorneys are currently evaluating claims. There are no upfront costs—firms work on contingency and only get paid if you win.
Next Steps for Affected Patients
- Enroll in Hillcrest’s free credit monitoring before the deadline.
- Review bank, credit-card, and insurance statements for unusual activity.
- Consider placing a fraud alert or security freeze with the major credit bureaus.
- Report any suspected identity theft to the Federal Trade Commission and your state Attorney General.
- Consult a qualified data-privacy attorney about your legal options.
Timeline of Key Events
- June 27, 2024 — Suspicious activity detected
- February 13, 2025 — Review of affected data completed
- March 3 – 16, 2025 — Consumer notifications mailed and regulators alerted
- June 5, 2025 — Deadline to enroll in free credit monitoring
States Reporting the Breach
Regulatory filings show at least:
- Texas: 2,917 residents affected
- Massachusetts: 983 residents affected
- Maine: 340 residents affected
Frequently Asked Questions About the Hillcrest Convalescent Center Breach
How do I know if Hillcrest Convalescent Center has my data?
Hillcrest mailed notification letters starting March 3, 2025. If you received one, your information was involved. You can confirm by calling 1-833-799-4042.
What should I do if I suspect identity theft after the Hillcrest Convalescent Center data breach?
Immediately place a fraud alert, file a police report if necessary, and retain documentation. Consider speaking with an attorney to preserve your rights.
Does accepting Hillcrest’s free credit monitoring limit my right to sue?
No. Enrollment in monitoring services does not waive your legal claims. You can still participate in any future lawsuit.
What compensation could I receive from a Hillcrest Convalescent Center lawsuit?
Potential awards may cover unreimbursed financial losses, time spent, credit-monitoring costs, and statutory damages where allowed.
How long do I have to take legal action?
Statutes of limitation vary by state, typically 1–4 years from the date you discover the breach. Contact a lawyer promptly to avoid missing deadlines.