ScrogginsGrear Data Breach Exposes Sensitive Information of Nearly 9,000 Individuals
ScrogginsGrear, Inc., a Cincinnati-based financial services and consulting firm specializing in healthcare practice management, disclosed a data breach affecting 8,919 individuals across the U.S., including four in Maine. The incident was discovered on September 10, 2025, when the company detected suspicious activity in its email system. An investigation confirmed that an unauthorized third party had accessed a single employee’s email account.
The exposed data included highly sensitive personal and financial information, such as names, dates of birth, Social Security numbers, driver’s license numbers, bank account details, health insurance policy numbers, patient account numbers, and medical records. Written notifications were sent to affected individuals on April 7, 2026, and ScrogginsGrear offered 12 months of complimentary credit monitoring through TransUnion.
Founded in 2014 through the merger of two long-standing firms, ScrogginsGrear serves independent medical and dental providers, as well as private businesses in Ohio, Kentucky, and Indiana. The breach has prompted legal action, with class action law firm Shamis & Gentile P.A. investigating potential compensation for those impacted.
Source: https://www.claimdepot.com/investigations/scrogginsgrear-data-breach-2026
Scroggins cybersecurity rating report: https://www.rankiteo.com/company/clayton-l.-scroggins-&-associates-inc.
"id": "CLA1776357213",
"linkid": "clayton-l.-scroggins-&-associates-inc.",
"type": "Breach",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '8919',
'industry': 'Healthcare Practice Management',
'location': 'Cincinnati, Ohio, USA',
'name': 'ScrogginsGrear, Inc.',
'type': 'Financial Services and Consulting Firm'}],
'attack_vector': 'Email Compromise',
'customer_advisories': '12 months of complimentary credit monitoring through '
'TransUnion offered to affected individuals',
'data_breach': {'number_of_records_exposed': '8919',
'personally_identifiable_information': 'Names, dates of '
'birth, Social '
'Security numbers, '
'driver’s license '
'numbers, bank account '
'details, health '
'insurance policy '
'numbers, patient '
'account numbers, '
'medical records',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal and Financial '
'Information'},
'date_detected': '2025-09-10',
'date_publicly_disclosed': '2026-04-07',
'description': 'ScrogginsGrear, Inc., a Cincinnati-based financial services '
'and consulting firm specializing in healthcare practice '
'management, disclosed a data breach affecting 8,919 '
'individuals across the U.S., including four in Maine. The '
'incident was discovered when the company detected suspicious '
'activity in its email system, confirming unauthorized access '
'to a single employee’s email account. The exposed data '
'included highly sensitive personal and financial information.',
'impact': {'data_compromised': 'Names, dates of birth, Social Security '
'numbers, driver’s license numbers, bank '
'account details, health insurance policy '
'numbers, patient account numbers, and medical '
'records',
'identity_theft_risk': 'High',
'legal_liabilities': 'Class action investigation by Shamis & '
'Gentile P.A.',
'payment_information_risk': 'High',
'systems_affected': 'Email system'},
'initial_access_broker': {'entry_point': 'Email account'},
'investigation_status': 'Completed',
'references': [{'source': 'Incident Disclosure'}],
'regulatory_compliance': {'legal_actions': 'Class action investigation'},
'response': {'communication_strategy': 'Written notifications sent to '
'affected individuals on April 7, '
'2026'},
'threat_actor': 'Unauthorized Third Party',
'title': 'ScrogginsGrear Data Breach Exposes Sensitive Information of Nearly '
'9,000 Individuals',
'type': 'Data Breach'}