Alert Medical Alarms Data Breach 2025: 39,218 PERS Users Exposed in Qilin Ransomware Attack. What To Do.
Alert Medical Alarms, a Jenkintown, PA personal emergency response system (PERS) provider for elderly and homebound clients, was hit by the Qilin ransomware group on June 17, 2025. The company filed with HHS OCR on August 15, 2025 reporting 39,218 affected. Exposed data includes Social Security numbers, Medicaid numbers, bank account numbers, prescriptions, and medical conditions. Class-action investigations and complaints are now active.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Jun 17, 2025
Qilin ransomware operators access Alert Medical Alarms' network; company observes disruption to certain computer systems the same day
Jun 17, 2025
Network disruption detected; outside cybersecurity specialists engaged to investigate and contain
Jul 1, 2025
Qilin ransomware group publicly claims responsibility on its dark-web leak site and posts data samples
Aug 15, 2025
Alert Medical Alarms files HIPAA breach notification with HHS Office for Civil Rights: 39,218 affected; Hacking/IT Incident; Network Server
Dec 1, 2025
Forensic and document review completed; affected individuals and specific data elements confirmed
Feb 17, 2026
Substitute notice and individual mailed notifications begin; complimentary credit-monitoring services offered
Feb 20, 2026
Strauss Borrelli PLLC announces class-action investigation
Feb 23, 2026
ClassAction.org publishes investigation page (Biscontini Law Firm / Cole & Van Note); Bryson Harris Suciu & DeMay PLLC opens separate investigation
Mar 1, 2026
Banks v. Alert Medical Alarms filed in the Montgomery County Court of Common Pleas (PA), No. 2911136
Mar 19, 2026
Ezell v. Alert Medical Alarms, Inc. filed in U.S. District Court for the Eastern District of Pennsylvania (No. 2:26-cv-01239)
Mar 23, 2026
Pannozzi v. Alert Medical Alarms, Inc. filed in U.S. District Court for the Eastern District of Pennsylvania (No. 2:26-cv-01371)
Jun 17, 2025
Qilin ransomware operators access Alert Medical Alarms' network; company observes disruption to certain computer systems the same day
Jun 17, 2025
Network disruption detected; outside cybersecurity specialists engaged to investigate and contain
Jul 1, 2025
Qilin ransomware group publicly claims responsibility on its dark-web leak site and posts data samples
Aug 15, 2025
Alert Medical Alarms files HIPAA breach notification with HHS Office for Civil Rights: 39,218 affected; Hacking/IT Incident; Network Server
Dec 1, 2025
Forensic and document review completed; affected individuals and specific data elements confirmed
Feb 17, 2026
Substitute notice and individual mailed notifications begin; complimentary credit-monitoring services offered
Feb 20, 2026
Strauss Borrelli PLLC announces class-action investigation
Feb 23, 2026
ClassAction.org publishes investigation page (Biscontini Law Firm / Cole & Van Note); Bryson Harris Suciu & DeMay PLLC opens separate investigation
Mar 1, 2026
Banks v. Alert Medical Alarms filed in the Montgomery County Court of Common Pleas (PA), No. 2911136
Mar 19, 2026
Ezell v. Alert Medical Alarms, Inc. filed in U.S. District Court for the Eastern District of Pennsylvania (No. 2:26-cv-01239)
Mar 23, 2026
Pannozzi v. Alert Medical Alarms, Inc. filed in U.S. District Court for the Eastern District of Pennsylvania (No. 2:26-cv-01371)
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Alert Medical Alarms, Inc. is a family-owned medical device company headquartered in Jenkintown, Pennsylvania that provides personal emergency response systems (PERS) — the wearable pendants and base-station call buttons that elderly and homebound clients use to summon help during a fall or medical emergency. On June 17, 2025, the Qilin ransomware group breached the company’s network. Qilin publicly claimed the attack on its dark-web leak site on July 1, 2025 and posted sample data. Alert Medical Alarms filed the incident with the HHS Office for Civil Rights on August 15, 2025, reporting 39,218 affected individuals in a Hacking/IT Incident at a Network Server. Mailed notifications and substitute notice began in February 2026 after a multi-month document review confirmed the specific files exposed. The data set is unusually deep for a PERS vendor: Social Security numbers, bank account numbers, Medicaid numbers, prescription and medication details, and diagnosis information were all on the same patient records, and class-action complaints have now been filed in both Pennsylvania state court and the Eastern District of Pennsylvania.
Timeline
- June 17, 2025. Qilin ransomware operators access Alert Medical Alarms’ network. The company observes a disruption to certain computer systems the same day, secures the environment, and engages outside cybersecurity specialists.
- July 1, 2025. The Qilin ransomware-as-a-service group claims responsibility on its Tor-based leak site and posts sample data to pressure payment.
- August 15, 2025. Alert Medical Alarms files the incident with HHS OCR: 39,218 affected, Hacking/IT Incident, Network Server.
- December 1, 2025. Forensic review and document analysis conclude. Specific affected individuals and the precise data elements involved are confirmed.
- February 17, 2026. Substitute notice posted; individual notification letters begin mailing. Complimentary credit-monitoring services are offered to affected individuals.
- February 20, 2026. Strauss Borrelli PLLC announces a class-action investigation.
- February 23, 2026. ClassAction.org publishes its investigation page on behalf of the Biscontini Law Firm and Cole & Van Note; Bryson Harris Suciu & DeMay PLLC opens a parallel investigation.
- March 2026. Three named class actions are filed: Banks v. Alert Medical Alarms in the Montgomery County Court of Common Pleas (No. 2911136), and Pannozzi v. Alert Medical Alarms (No. 2:26-cv-01371) and Ezell v. Alert Medical Alarms (No. 2:26-cv-01239) in the U.S. District Court for the Eastern District of Pennsylvania.
What was exposed
Per the company’s substitute notice and the state attorney general filings, the records taken by Qilin varied by individual but could include any combination of the following:
- Full name and home address
- Date of birth
- Social Security number
- Bank account number (used for autopay of the monthly monitoring subscription)
- Customer ID number and case number
- Health insurance information
- Medicaid number
- Prescription and medication information
- Medical conditions and diagnosis details
This combination is the high-risk profile. A single record can contain the SSN needed for identity theft, the bank account for ACH fraud, the Medicaid number for medical-identity fraud, and the diagnosis detail that makes phishing calls believable. Because Qilin staged data on its leak site, the information should be treated as fully published, not merely accessed.
Why this population is especially exposed
Alert Medical Alarms’ customer base is, by design, older adults living independently, post-discharge patients, and people with chronic conditions or fall risk. That demographic carries elevated exposure on every axis a thief cares about:
- Higher Medicare and Medicaid coverage rates. Medical-identity fraud against seniors is a known and well-documented criminal market — fraudulent claims billed under a victim’s Medicare or Medicaid number are often noticed only at the next Explanation of Benefits cycle, if at all.
- Routine autopay relationships. PERS subscriptions are billed monthly via ACH from a checking account on file, which means a clean bank account number is on the same record as the SSN.
- Diminished detection capacity. Many PERS users live alone, do not use online banking actively, and may not see fraudulent charges or new-account openings for months. Several may rely on family members or caregivers to manage their finances and mail.
- Social-engineering vulnerability. With diagnosis, medication, and Medicaid data, a caller can credibly impersonate the device company, the user’s pharmacy, or a Medicare representative. Targeted vishing against this population is a documented pattern after healthcare breaches.
If you are a caregiver or adult child of an Alert Medical Alarms customer, treat this notice as if it arrived addressed to a vulnerable adult and assume the protective steps below need to be done for them.
What the entity is offering
- Complimentary credit monitoring services for affected individuals (enrollment code in the individual notification letter).
- Guidance on placing fraud alerts and credit freezes with the three nationwide consumer reporting agencies.
- A dedicated incident response line (800-716-8035) for questions about the breach.
- A statement that the company has engaged outside cybersecurity professionals, notified law enforcement, and is reviewing and strengthening its network security policies and procedures.
The duration of the credit-monitoring offer (12 months vs. 24 months) and whether identity-restoration services are bundled is set out in each individual’s notification letter. As of this writing the company has not published its substitute notice on a dedicated web page; the corporate site and the Pennsylvania Office of Attorney General data-incident portal are the public-facing references.
Class-action posture
Three named complaints have been filed and at least four plaintiff firms are publicly investigating:
- Banks v. Alert Medical Alarms — Montgomery County Court of Common Pleas (PA), No. 2911136.
- Pannozzi v. Alert Medical Alarms, Inc. — U.S. District Court for the Eastern District of Pennsylvania, No. 2:26-cv-01371.
- Ezell v. Alert Medical Alarms, Inc. — U.S. District Court for the Eastern District of Pennsylvania, No. 2:26-cv-01239.
- Investigations announced by Biscontini Law Firm, Cole & Van Note, Strauss Borrelli PLLC, and Bryson Harris Suciu & DeMay PLLC.
The complaints generally allege failure to implement reasonable cybersecurity safeguards, negligence, breach of fiduciary duty, breach of implied contract, and unjust enrichment, and seek class certification, actual and statutory damages, and injunctive relief requiring improved security. The fact that the entity serves a demographic with elevated identity-theft consequences materially strengthens the damages theory. Filings will be tracked on this page as the dockets progress; consolidation in the Eastern District of Pennsylvania is plausible given two parallel federal filings.
What to do
- Place free credit freezes at Equifax, Experian, and TransUnion. With SSN and bank account number exposed on the same record, freezing is the single highest-leverage step. If the affected individual is an older relative, do this for them with their permission or under your power of attorney.
- Enroll in the credit monitoring offered in the notification letter — the enrollment code is in the letter.
- Watch the linked checking account. Call the bank, ask them to flag the account for ACH fraud, and consider changing the account number rather than just disputing transactions.
- Request a new Medicaid card with a different identifier through the relevant state Medicaid office; flag the file for medical-identity fraud monitoring.
- Review Medicare and insurance Explanation of Benefits statements for the next 24 months for services or prescriptions you did not receive. Report anything unfamiliar to the insurer’s fraud line immediately.
- File IRS Form 14039 (Identity Theft Affidavit) to obtain an IP PIN and block fraudulent tax filings using the exposed SSN.
- Be skeptical of unsolicited calls or texts that name your medication, diagnosis, or Medicaid number. With diagnosis and prescription data in the leak, scammers can sound convincing. Hang up and call back using a number you look up independently.
- Stop the ongoing flow of your medical data. HealthConsent files HIPAA restriction requests so the diagnosis, prescription, and Medicaid data exposed in this breach is not continuously re-shared by downstream entities, brokers, and analytics vendors.
Sources
- HHS Office for Civil Rights Breach Portal. Federal regulatory record (filed August 15, 2025; 39,218 affected; Hacking/IT Incident; Network Server).
- Alert Medical Alarms corporate website. Entity reference page.
- Pennsylvania Office of Attorney General — Notice of Data Incident portal. State regulatory filing reference.
- Strauss Borrelli PLLC: Alert Medical Alarms Data Breach Investigation. Plaintiff firm investigation page summarizing the exposed-data categories and the December 1, 2025 review completion.
- ClassAction.org investigation page. Confirms Biscontini Law Firm and Cole & Van Note as investigating counsel and lists the eleven exposed-data categories.
- ClaimDepot: Alert Medical Alarms breach summary. Independent source for the 39,218 affected figure, Qilin attribution, and the 800-716-8035 incident response line.
- RedPacket Security: Qilin ransomware victim listing. Confirms the Qilin leak-site claim on July 1, 2025.
- Law.com Radar: Banks v. Alert Medical Alarms. Montgomery County, PA filing record (No. 2911136).
- Justia Dockets: Pannozzi v. Alert Medical Alarms, Inc.. E.D. Pa. case docket (No. 2:26-cv-01371).
- Local 21 News: Carlisle emergency alert provider undergoes cyber attack. Regional press coverage of the PERS-provider incident.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- Alert Medical Alarms, Inc. — corporate website
- Pennsylvania Office of Attorney General — Notice of Data Incident portal
- Strauss Borrelli PLLC: Alert Medical Alarms Data Breach Investigation
- ClassAction.org: Alert Medical Alarms Data Breach Impacts SSNs, More; Lawsuit Possible
- ClaimDepot: Alert Medical Alarms Inc Breach Exposes Sensitive Data
- RedPacket Security: Qilin Ransomware Victim — Alert Medical Alarms (leak-site listing)
- Law.com Radar: Banks, Timothy Sr. v. Alert Medical Alarms (Montgomery County, PA — No. 2911136)
- Justia Dockets: Pannozzi v. Alert Medical Alarms, Inc. (E.D. Pa. 2:26-cv-01371)
- Local 21 News: Carlisle emergency alert provider undergoes cyber attack
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.