Ohio Living Data Breach Exposes Sensitive Personal and Health Information
Ohio Living, a healthcare provider operating 11 residential communities and services across 43 Ohio counties, confirmed a data breach that may have compromised the personal and protected health information of current and former residents, patients, employees, and affiliated individuals. The incident was detected on April 17, 2026, after unusual system activity was observed. An investigation revealed that an unauthorized actor accessed and copied files from Ohio Living’s network between April 16 and April 17, 2026.
The exposed data includes a wide range of sensitive information, such as:
- Personal details: Names, addresses, dates of birth, Social Security numbers, and taxpayer identification numbers.
- Financial data: Payment card information and financial account details.
- Health records: Medical history, diagnoses, prescriptions, treatment details, physician information, medical record numbers, health insurance data, and group/plan numbers.
Ohio Living is conducting an ongoing review of the affected files and plans to notify impacted individuals as the investigation progresses. The breach has prompted legal scrutiny, with attorneys exploring the possibility of a class action lawsuit on behalf of those affected, though no formal action has been filed at this time.
Source: https://www.classaction.org/data-breach-lawsuits/ohio-living-june-2026
Ohio Living cybersecurity rating report: https://www.rankiteo.com/company/ohio-living
"id": "OHI1781656098",
"linkid": "ohio-living",
"type": "Breach",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Current and former residents, '
'patients, employees, and '
'affiliated individuals',
'industry': 'Healthcare',
'location': 'Ohio, USA',
'name': 'Ohio Living',
'type': 'Healthcare Provider'}],
'data_breach': {'data_exfiltration': 'Files copied by unauthorized actor',
'personally_identifiable_information': ['Names',
'Addresses',
'Dates of birth',
'Social Security '
'numbers',
'Taxpayer '
'identification '
'numbers',
'Medical record '
'numbers',
'Health insurance '
'data',
'Group/plan numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal details',
'Financial data',
'Health records']},
'date_detected': '2026-04-17',
'description': 'Ohio Living, a healthcare provider operating 11 residential '
'communities and services across 43 Ohio counties, confirmed a '
'data breach that may have compromised the personal and '
'protected health information of current and former residents, '
'patients, employees, and affiliated individuals. The incident '
'was detected after unusual system activity was observed, and '
'an investigation revealed that an unauthorized actor accessed '
'and copied files from Ohio Living’s network.',
'impact': {'data_compromised': 'Personal details, financial data, health '
'records',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential class action lawsuit',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Cyber Incident Description'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit'},
'response': {'communication_strategy': 'Plans to notify impacted individuals '
'as the investigation progresses'},
'threat_actor': 'Unauthorized actor',
'title': 'Ohio Living Data Breach Exposes Sensitive Personal and Health '
'Information',
'type': 'Data Breach'}