On June 21, 2023, BrightSpring Health Services filed a notice of data breach with the Attorney General of Massachusetts after learning that a recent cybersecurity incident compromised confidential employee information stored on the company’s computer network. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names and Social Security numbers. After confirming that consumer data was leaked, BrightSpring began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you received a data breach notification from BrightSpring Health Services, it is essential you understand what is at risk and what you can do about it. It’s data breaches like this one that expose the personal information of millions of Americans each year. As a result, countless data breach victims end up being the victim of identity theft and other frauds. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the BrightSpring Health Services data breach, please see our recent piece on the topic here.

What We Know So Far About the BrightSpring Health Services Breach

News of the BrightSpring Health Services data breach is still fresh; however, what we know at this point comes from the company’s filing with the Attorney General of Massachusetts. According to this source, on March 14, 2023, BrightSpring detected suspicious activity within its computer network. In response, BrightSpring launched an internal investigation with the assistance of outside cybersecurity specialists in hopes of learning more about the nature and scope of the incident.

The BrightSpring investigation ultimately confirmed that an unauthorized actor was able to access the company’s IT network between March 12, 2023 and March 13, 2023. It was subsequently determined that some of the files that were compromised contained confidential employee information.

Upon discovering that sensitive consumer data was made available to an unauthorized party, BrightSpring Health Services began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name and Social Security number.

On June 21, 2023, BrightSpring Health Services sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. Based on the sample letter posted on the Massachusetts AG’s website, it appears that the breach affected current and or former employees of Arbor E&T, LLC dba Equus Workforce Solutions.

More Information About BrightSpring Health Services

Founded in 1974, BrightSpring Health Services is a provider of comprehensive home and community-based health services, focusing primarily on clinical care, supportive care and pharmacy solutions. Based out of Louisville, Kentucky, BrightSprings and its affiliates operate over 900 facilities nationwide. BrightSpring Health Services employs more than 37,000 people and generates approximately $5.4 billion in annual revenue.