Encompass Care Inc. Data Breach Exposes SSNs

On October 3, 2024, Encompass Care Inc., a provider of therapy services to skilled nursing facilities and home health agencies in Ohio and Pennsylvania, identified suspicious activity on its management company’s computer network. A subsequent investigation revealed that an unauthorized third party had accessed and acquired certain documents from the network on September 17, 2024.

The forensic investigation concluded that sensitive consumer information was exposed during the breach. On November 19, 2024, a review of the compromised documents confirmed that the following types of personal information were affected:

• Names
• Dates of birth
• Social Security numbers
• Financial account numbers
• Medical information
• Insurance information

Although the breach was reported to the Massachusetts Attorney General's office on January 10, 2025, the number of affected individuals in Massachusetts is reported to be only one. However, the full scope of the breach across other states remains unclear. You can view the official disclosure on the Massachusetts Attorney General's website.

Encompass Care Inc's Response

Upon discovering the breach, Encompass Care Inc. immediately took steps to contain the incident and launched an internal investigation. The company also engaged a forensic security firm to assist in identifying the cause and scope of the breach. These efforts focused on securing the management company’s computer systems to prevent further unauthorized access.

Law enforcement authorities were notified, and Encompass Care Inc. is cooperating with their investigation. To support affected individuals, the company is offering a complimentary two-year membership to Experian IdentityWorks Credit 3B. This service provides credit monitoring, identity restoration support, and up to $1 million in identity theft insurance. Instructions for activating this service are included in the notice to consumers.

What the reader should do if they are affected by the data breach

If you believe you may have been affected by this data breach, there are several steps you should take to protect yourself:

1. Enroll in the offered credit monitoring service: Take advantage of the two-year complimentary membership to Experian IdentityWorks Credit 3B. This service can help detect potential misuse of your information and provide identity restoration support if needed. Visit Experian IdentityWorks and use the activation code provided in your notice.
2. Monitor your financial accounts and credit reports: Regularly review your bank statements, credit card transactions, and credit reports for any unauthorized activity. You can obtain a free credit report annually from each of the three major credit reporting agencies at Annual Credit Report.
3. Place a fraud alert or security freeze on your credit file: A fraud alert notifies creditors to verify your identity before opening new accounts. A security freeze restricts access to your credit report, making it more difficult for identity thieves to open accounts in your name. Contact Equifax, Experian, and TransUnion to set up these protections.
4. Report any suspicious activity: If you notice unauthorized transactions or suspect identity theft, report it immediately to your financial institution, local law enforcement, and the Federal Trade Commission (FTC) at FTC Identity Theft.
5. Stay vigilant: Even if there is no evidence of misuse, remain cautious and monitor your personal information closely. Consider taking additional steps, such as updating passwords and enabling two-factor authentication for online accounts.