Cabot Medical Care Data Breach Affects 21K: SSNs Exposed

On April 10, 2025, Cabot Medical Care (CMC), located in Cabot, Arkansas, disclosed a data breach involving unauthorized access to certain files on their computer network. The breach was initially discovered on January 26, 2025, when CMC experienced a network disruption.

Immediately after noticing the disruption, the company started an investigation and hired independent cybersecurity experts to assist in determining the scope and nature of the incident.

The cybersecurity investigation revealed that between January 25 and January 26, 2025, unauthorized individuals gained access to certain files stored on CMC's network. After completing a thorough review of the affected files in March 2025, the company confirmed that sensitive personal and protected health information (PHI) of current and former patients was potentially exposed.

The types of information compromised include personally identifiable information (PII) such as names, dates of birth, and Social Security numbers, as well as protected health information (PHI) including diagnosis or treatment details and other health-related information.

The breach was officially reported to the Massachusetts Attorney General's office on April 10, 2025 and to the Department of Health and Human Services, indicating that at least one individual in Massachusetts was affected.

Due to the sensitive nature of the exposed information, affected individuals may face an increased risk of identity theft or fraud.

Cabot Medical Care's response

On April 9, 2025, CMC began notifying all potentially affected individuals directly by mail. In addition, the company established a toll-free call center to answer questions and address concerns related to the breach. Individuals who believe they may be affected or have questions about the incident can contact the call center at 1-833-998-8995, available Monday through Friday from 8:00 am to 8:00 pm Eastern Time.

CMC recommends that affected individuals remain vigilant by regularly reviewing their financial account statements and credit reports for any suspicious activities. If suspicious activity is detected, individuals should immediately notify their financial institutions, law enforcement authorities, their state attorney general, and the Federal Trade Commission (FTC). Affected individuals can also obtain a free copy of their credit report annually from each of the three major credit reporting agencies (Equifax, Experian, and TransUnion) by visiting AnnualCreditReport.com.

Additionally, affected individuals may choose to place a fraud alert or a security freeze on their credit reports. A fraud alert informs creditors of possible fraudulent activity and requests they contact the individual before opening new accounts. A security freeze restricts access to credit reports, preventing new credit from being opened without the individual's consent. Both fraud alerts and security freezes can be placed by contacting any of the three major credit reporting agencies directly.

For more detailed information, Cabot Medical Care has posted a full notice describing the incident and recommended protective measures on the Cabot Medical Care website.