96 Senior Living and Healthcare Facilities Affected by Avamere Data Breach
A major data breach has been reported that has affected dozens of healthcare, rehabilitation, and senior living facilities in Oregon, Washington, Nevada, Utah, Colorado, and Arizona, which are operated by companies that are part of the Wilsonville, OR-based group, Avamere Holdings.
Between January 19, 2022, and March 17, 2022, an unauthorized individual gained access to a third-party-hosted network that was used by Avamere Health Services, LLC. Avamere Health Services is a business associate of the Avamere Holdings group of companies and provides information technology services. The forensic investigation of the data breach confirmed that the individuals behind the attack exfiltrated files from its systems that contained the information of employees and patients, including names, addresses, dates of birth, driver’s license or state identification numbers, Social Security numbers, claims information, financial account numbers, medications information, lab results, and medical diagnosis/conditions information.
The exact nature of the cyberattack was not disclosed in the substitute breach notice, but it would appear that this was a ransomware attack and that the exfiltrated data has been published on the group’s data leak site. Avamere Health Services said its information technology department has been working with third-party cybersecurity experts to review its existing security measures and security will be enhanced to prevent any repeat attacks.
Avamere Health Services has reported the breach to the Department of Health and Human Services’ Office for Civil Rights as affecting 197,730 individuals and has now sent notifications to those individuals and has offered complimentary credit monitoring services. Avamere Health Services provided notifications on behalf of the 81 companies that it works with as a HIPAA business associate.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
One of the 81 companies is Premere Infinity Rehab, LLC, which has also published its own substitute breach notice on behalf of a further 16 companies for which it acts as a HIPAA business associate. Premere Infinity Rehab has reported the breach to the HHS’ Office for Civil Rights as affecting 183,254 individuals.
It is currently unclear if the total of 380,984 individuals is the final breach total. Companies known to have been affected are detailed in the tables below.
Companies Affected by Avamere Data Breach
| A-One Home Health Services, LLC | Avamere at Port Townsend | Avamere Gresham Rehabilitation and Specialty Care | Avamere Rehabilitation of Lebanon | Cascadia Healthcare | Rockwood at Hawthorne |
| Avamere at Albany | Avamere at Rio Rancho | Avamere Harmony House of Bend | Avamere Rehabilitation of Newport | Christian Living Communities | Rockwood South Hill |
| Avamere at Bethany | Avamere at Roswell | Avamere Health Services of Rogue Valley | Avamere Rehabilitation of Oregon City | Columbia Lutheran Home | Salem Transitional Care |
| Avamere at Cascadia Village | Avamere at Sandy | Avamere Heritage Rehabilitation of Tacoma | Avamere Rehabilitation of Richmond Beach | Good Samaritan Society | Signature Coastal, LLC |
| Avamere at Chestnut Lane | Avamere at Seaside | Avamere Home Health Care, LLC | Avamere Riverpark of Eugene | Goodman Group | Signature Home Health Bend, LLC |
| Avamere at Englewood Heights | Avamere at Seaside | Avamere Living at Berry Park | Avamere St. Francis of Bellingham | Infinity Rehab | Signature Hospice Eugene, LLC |
| Avamere at Hermiston | Avamere at Sherwood | Avamere Olympic Care of Sequim | Avamere Transitional Care and Rehabilitation-Bellingham | Kin On Health Care Center | Signature Hospice Medford, LLC |
| Avamere at Hillsboro | Avamere at South Hill | Avamere Rehabilitation at Fiesta Park | Avamere Transitional Care and Rehabilitation-Boise | Laurelhurst Village | Signature Hospice Nampa, LLC |
| Avamere at Las Vegas | Avamere at St. Helens | Avamere Rehabilitation of Beaverton | Avamere Transitional Care and Rehabilitation-Brighton | Mission Healthcare at Bellevue, JV | Signature Hospice Oregon Coast, LLC |
| Avamere at Lexington | Avamere at the Stratford | Avamere Rehabilitation of Cascade Park | Avamere Transitional Care and Rehabilitation-Malley | Mission Healthcare at Renton | Summitview Healthcare Center |
| Avamere at Moses Lake | Avamere at Three Fountains | Avamere Rehabilitation of Clackamas | Avamere Transitional Care at Sunnyside | Northwest Hospice, LLC | Suzanne Elise Assisted Living Facility |
| Avamere at Mountain Ridge | Avamere at Waterford | Avamere Rehabilitation of Coos Bay | Avamere Transitional Care of Puget Sound | NP2U, LLC | The Arbor at Avamere Court |
| Avamere at Newberg | Avamere at Wenatchee | Avamere Rehabilitation of Eugene | Avamere Twin Oaks of Sweethome | Pinecrest Community | The Arbor at Bend |
| Avamere at Oak Park | Avamere Court at Keizer | Avamere Rehabilitation of Hillsboro | Bend Transitional Care | Prestige Care | The Arbor at Bremerton |
| Avamere at Pacific Ridge | Avamere Crestview of Portland | Avamere Rehabilitation of Junction City | Bethany at Pacific | Prime Home Health, LLC | The Pearl at Kruse Way |
| Avamere at Park Place | Avamere Fern Gardens Memory Care | Avamere Rehabilitation of King City | Bethany at Silver Lake | Queen Anne Healthcare | The Stafford |
