On **April 29, 2025**, Healthcare Therapy Services (HTS), a Midwest and Southern U.S.-based provider of physical, occupational, and speech therapy, detected a cyberattack compromising its internal email systems. A forensic investigation confirmed the exposure of **personal and protected health information (PHI)**, including **names, Social Security numbers, medical records, driver’s licenses, and financial account details** of patients and employees. The breach was formally disclosed on **September 9, 2025**, with notifications sent to affected individuals by **November 7, 2025**, including filings with the **Massachusetts Attorney General**. The incident poses severe risks of **identity theft, medical fraud, and financial fraud**, though the exact number of victims remains undisclosed (potentially thousands). HTS responded by engaging cybersecurity experts, offering **24 months of free credit monitoring (IDX), $1M identity theft insurance, and recovery assistance**, and establishing a dedicated call center for inquiries. The breach underscores critical vulnerabilities in healthcare data security, with long-term reputational and operational consequences for HTS.
Source: https://www.claimdepot.com/data-breach/healthcare-therapy-services-2025
Healthcare Therapy Services, Inc. cybersecurity rating report: https://www.rankiteo.com/company/healthcare-therapy-services-inc
"id": "hea3792237111025",
"linkid": "healthcare-therapy-services-inc",
"type": "Cyber Attack",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'thousands (current and former '
'patients and employees; exact '
'number undisclosed)',
'industry': 'healthcare (physical, occupational, and '
'speech therapy)',
'location': ['Midwest United States',
'Southern United States'],
'name': 'Healthcare Therapy Services (HTS)',
'type': 'healthcare provider'}],
'attack_vector': 'internal email systems compromise',
'customer_advisories': ['Call center established for inquiries '
'(1-833-274-5072, Mon–Fri 9:00 AM–9:00 PM ET).',
'Public recommendations for affected individuals '
'(credit monitoring, fraud alerts, phishing '
'awareness).'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 'thousands (exact number '
'undisclosed)',
'personally_identifiable_information': ['names',
'Social Security '
'numbers',
'driver’s licenses',
'medical records',
'financial account '
'information'],
'sensitivity_of_data': 'high (includes SSNs, medical records, '
'financial account info)',
'type_of_data_compromised': ['personal information',
'protected health information '
'(PHI)',
'financial information']},
'date_detected': '2025-04-29',
'date_publicly_disclosed': '2025-11-07',
'description': 'On April 29, 2025, Healthcare Therapy Services (HTS), a '
'provider of physical, occupational, and speech therapy '
'services, detected suspicious activity in its internal email '
'systems. An investigation revealed that personal and '
'protected health information (PHI) of patients was '
'compromised. The breach exposed names, Social Security '
'numbers, medical records, driver’s licenses, and financial '
'account information. HTS notified affected individuals on '
'Nov. 7, 2025, and disclosed the incident to the Massachusetts '
'Attorney General on Nov. 8, 2025. The total number of '
'impacted individuals remains undisclosed but may include '
'thousands of current/former patients and employees. HTS '
'offered 24 months of free IDX credit monitoring and identity '
'theft protection services to affected individuals.',
'impact': {'brand_reputation_impact': 'high (risk of identity theft and fraud '
'for affected individuals)',
'data_compromised': ['names',
'Social Security numbers',
'medical records',
'medical information',
'driver’s licenses',
'financial account information'],
'identity_theft_risk': 'high',
'payment_information_risk': 'high',
'systems_affected': ['internal email systems']},
'initial_access_broker': {'entry_point': 'internal email systems',
'high_value_targets': ['patient PHI',
'employee data']},
'investigation_status': 'completed (as of 2025-09-09)',
'post_incident_analysis': {'corrective_actions': ['engaged cybersecurity '
'experts',
'offered identity '
'protection services',
'regulatory disclosures']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Sign up for free identity theft protection and credit '
'monitoring services offered by HTS.',
'Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing emails/phone calls exploiting '
'exposed information.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': 'Healthcare Therapy Services Data Security Incident '
'Notice'},
{'date_accessed': '2025-11-08',
'source': 'Massachusetts Attorney General Disclosure'}],
'regulatory_compliance': {'regulatory_notifications': ['Massachusetts '
'Attorney General '
'(disclosed on '
'2025-11-08)']},
'response': {'communication_strategy': ['data security incident notice on '
'website',
'mail notifications to affected '
'individuals',
'disclosure to Massachusetts Attorney '
'General',
'public advisory with recommended '
'actions'],
'incident_response_plan_activated': True,
'recovery_measures': ['24 months of free IDX credit monitoring',
'identity theft protection services '
'(sCyberScan monitoring, $1M insurance '
'reimbursement, fully managed recovery '
'assistance)',
'established call center for inquiries'],
'remediation_measures': ['investigation by cybersecurity experts',
'notification to affected individuals '
'and regulators'],
'third_party_assistance': ['cybersecurity experts']},
'stakeholder_advisories': ['data security incident notice on HTS website',
'mail notifications to affected individuals'],
'title': 'Healthcare Therapy Services Data Breach (2025)',
'type': ['data breach', 'cyberattack']}