Ennoble Care, a private healthcare provider specializing in senior in-home care (including primary, palliative, and hospice services), suffered a data breach on April 17, 2025, when an employee email account was compromised via unauthorized access. The breach exposed sensitive personally identifiable information (PII) and protected health information (PHI) of patients, including: - Full names - Addresses - Dates of birth - Hospice status details (admission, recertification, discharge, or revocation dates) - Clinical order statuses (e.g., CTI, SN, MSW, CH, HHA) The investigation remains ongoing, with the scope of affected individuals undetermined. The breach poses risks of identity theft, fraud, and financial exploitation, prompting Ennoble Care to offer credit monitoring and identity protection services. Legal action is being pursued by affected parties for compensation due to potential harm from the exposure of highly sensitive data.
Source: https://www.claimdepot.com/investigations/ennoble-care-data-breach-2025
Ennoble Care cybersecurity rating report: https://www.rankiteo.com/company/ennoble-care
"id": "ENN2320523112525",
"linkid": "ennoble-care",
"type": "Breach",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (investigation ongoing)',
'industry': 'Healthcare (Senior In-Home Care, Primary '
'Care, Palliative Care, Hospice Services)',
'location': {'headquarters': 'Hackensack, New Jersey, '
'USA',
'operational_states': ['New York',
'New Jersey',
'Pennsylvania',
'Maryland',
'Washington, D.C.',
'Virginia',
'Georgia']},
'name': 'Ennoble Care & Circa Health, LLC',
'type': 'Private Healthcare Company'}],
'attack_vector': 'Compromised Employee Email Account',
'customer_advisories': ['Encouraged to enroll in identity protection '
'services.',
'Advised to monitor financial accounts and credit '
'reports.',
'Informed of potential eligibility for compensation '
'via class action lawsuit.'],
'data_breach': {'data_exfiltration': 'Suspected (unauthorized access to email '
'account may have led to data '
'acquisition)',
'number_of_records_exposed': 'Unknown (investigation ongoing)',
'personally_identifiable_information': ['Full Names',
'Home Addresses',
'Dates of Birth',
'Hospice/Medical '
'Status',
'Admission/Certification '
'Dates'],
'sensitivity_of_data': 'High (includes medical and personal '
'identifiers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-04-17',
'description': 'Shamis & Gentile P.A. is investigating a data breach at '
'Ennoble Care & Circa Health, LLC, where an employee email '
'account was subject to unauthorized access. Sensitive '
'personally identifiable information (PII) and protected '
'health information (PHI) of patients may have been exposed, '
'including names, addresses, dates of birth, hospice status, '
'and related medical records. The investigation is ongoing, '
'and the number of impacted patients is yet to be determined.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive patient data; '
'ongoing investigation may exacerbate '
'concerns.',
'data_compromised': ['Names',
'Addresses',
'Dates of Birth',
'Hospice Status (admitted, recertified, '
'discharged, revoked)',
'Status Dates (admission dates, certification '
'periods, discharge/revocation dates)',
'Orders Statuses (CTI, SN, MSW, CH, HHA, '
'etc.)'],
'identity_theft_risk': 'High (PII and PHI exposed, including '
'names, addresses, and dates of birth).',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'from affected individuals (e.g., class '
'action led by Shamis & Gentile P.A.).',
'systems_affected': ['Employee Email Account']},
'investigation_status': 'Ongoing (scope and number of impacted patients not '
'yet determined)',
'recommendations': ['Sign up for free identity protection and credit '
'monitoring services if offered by Ennoble Care.',
'Monitor financial statements for suspicious activity.',
'Request free annual credit reports from Equifax, '
'Experian, and TransUnion.',
'Place a fraud alert on credit files.',
'Consider joining a class action lawsuit if affected.'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'source': 'Ennoble Care Data Security Incident Notice '
'(website)'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuits '
'(e.g., led by Shamis & Gentile '
'P.A.)'},
'response': {'communication_strategy': 'Public notice posted on company '
'website; potential offer of free '
'identity protection and credit '
'monitoring services to affected '
'individuals.',
'incident_response_plan_activated': 'Yes (forensic investigation '
'initiated immediately after '
'detection)'},
'stakeholder_advisories': 'Public notice on company website; legal advisories '
'from Shamis & Gentile P.A.',
'title': 'Ennoble Care & Circa Health, LLC Data Breach (April 2025)',
'type': 'Data Breach (Unauthorized Access to Email Account)'}