Assisted-living facilities in Florida, Alabama hit with cyberattack that impacted 26,000
A data breach was recently revealed at a chain of assisted-living facilities that led to personal information on nearly 26,000 patients and employees being “accessed or acquired by an unauthorized actor” in October 2024.
Despite discovering the incident soon after it occurred, Methodist Homes of Alabama and Northwest Florida said in a statement that it did not determine until September 2025—nearly a year later—that the accessed dataset included HIPAA-protected health information, requiring that victims be notified.
Methodist Homes operates long-term housing for seniors that ranges from retirement accommodations to nursing care for those with dementia. Compromised data includes people at its facilities, as well as family members, visitors and past applicants.
The specifics on what was taken vary. For residents and patients, Methodist Homes said, hackers were able to access protected health information, including everything from medical record numbers to insurance information, medical history, diagnoses, treatments, dates of admission and discharge, and Medicaid and Medicare IDs.
Additionally, cybercriminals were able to view Social Security numbers, driver’s license numbers, names and contact information, Methodist Homes confirmed. Similarly, non-patients had personal data exposed that ranged from names and contacts to Social Security numbers and medical histories—depending on what data they gave to the facilities and for what purpose.
“Methodist Homes takes this incident seriously and has involved additional measures to prevent future occurrences. Upon learning of the incident, Methodist Homes took immediate steps to address it, including securing its systems and taking some of the network offline,” its statement reads.
“Law enforcement was also notified. Additionally, individuals involved were notified of the incident by mail on October 3, 2025, and notice has been submitted to the Department of Health and Human Services at the Office for Civil Rights and state regulatory authorities,” Methodist Homes added.
The assisted-living organization said the “comprehensive data review process” it underwent to “determine what information was involved, and to whom that information belonged,” caused the delay in notifying the public.
As it does not have a way to reach all of those impacted, the group posted a public notice on Oct. 8. It can be found here.
According to its website, Methodist Homes serves individuals 62 and over in Florida and Alabama at 11 locations. The organization, a nonprofit, has been operating homes for the aging since 1956.
The nature and full scope of the cyberattack were not revealed. HealthExec reached out for more details.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.