Assisted Living Pharmacy Service, LLC Data Breach 2025: 5,590 Affected · Qilin Ransomware · WI Long-Term Care Pharmacy. Filed With HHS OCR. What To Do.
Assisted Living Pharmacy Service, LLC (ALPS), a Wisconsin long-term care pharmacy, disclosed a Qilin ransomware intrusion that exposed Social Security numbers, driver's license numbers, diagnoses, medications, lab results, insurance, and payment card data for 5,590 patients served between January 2024 and June 2025. The actor was inside the network June 25-27, 2025; ALPS filed with HHS OCR on August 25, 2025.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Jun 25, 2025
Unauthorized actor inside ALPS network (start of access window)
Jun 26, 2025
ALPS detects suspicious activity on its network
Jun 27, 2025
End of unauthorized access window
Aug 8, 2025
Forensic review of affected data completed
Aug 12, 2025
Qilin ransomware group claims responsibility on its leak site
Aug 25, 2025
ALPS files HIPAA breach report with HHS OCR (5,590 individuals)
Jun 25, 2025
Unauthorized actor inside ALPS network (start of access window)
Jun 26, 2025
ALPS detects suspicious activity on its network
Jun 27, 2025
End of unauthorized access window
Aug 8, 2025
Forensic review of affected data completed
Aug 12, 2025
Qilin ransomware group claims responsibility on its leak site
Aug 25, 2025
ALPS files HIPAA breach report with HHS OCR (5,590 individuals)
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Assisted Living Pharmacy Service, LLC (ALPS) is a long-term care pharmacy based in Menomonee Falls, Wisconsin that dispenses and manages medications for residents of assisted living and skilled nursing facilities. On August 25, 2025, ALPS filed a HIPAA breach notification with the U.S. Department of Health and Human Services Office for Civil Rights, reporting 5,590 affected individuals. The underlying event was a network intrusion that ALPS detected on June 26, 2025, with the Qilin ransomware group publicly claiming responsibility on its dark-web leak site in August 2025 and asserting it had exfiltrated roughly 150 GB of ALPS data.
Timeline
- June 25, 2025 — Unauthorized actor enters the ALPS computing environment (start of confirmed access window).
- June 26, 2025 — ALPS detects suspicious activity on its network and begins incident response.
- June 27, 2025 — End of the confirmed unauthorized-access window.
- August 8, 2025 — Forensic review of the affected data is completed and confirms exposure of PII and PHI.
- August 12, 2025 — Qilin ransomware group claims responsibility on its leak site, posts sample screenshots, and alleges 150 GB of stolen data.
- August 25, 2025 — ALPS files the federal HIPAA breach report with HHS OCR listing 5,590 affected individuals.
What was exposed
According to ALPS’s own Notice of Data Event, the data set involved in the incident included combinations of the following for patients who received prescription services from ALPS between January 2024 and June 2025:
- Name, address, and date of birth
- Social Security number
- Driver’s license or state ID number
- Diagnoses, conditions, lab results, prescribed medications, and treatment details
- Health insurance and claims information
- Financial account and payment card information
The combination of full Social Security number, government ID number, prescription history, and payment card data in a single record is the worst-case exposure profile for identity theft and medical fraud. There is essentially no element of a synthetic-identity attack that is not enabled by this set.
Why the affected population matters
ALPS serves residents of assisted living and skilled nursing facilities — a population that is older, often cognitively impaired, frequently dependent on caregivers or family members to monitor mail and financial accounts, and disproportionately likely to be enrolled in Medicare and Medicaid. That makes this breach materially more dangerous than a same-size breach at a general-population provider:
- Elderly long-term-care residents are statistically the most-targeted demographic for identity theft and tax-refund fraud in the U.S.
- Power-of-attorney holders and adult children often do not learn about a parent’s breach notice until months later, by which point credit applications and account openings may already have occurred.
- Prescription histories from a long-term-care pharmacy can directly identify dementia, psychiatric, and end-of-life diagnoses, which carries an additional dignity and discrimination risk beyond financial harm.
What ALPS is offering affected individuals
ALPS’s public Notice of Data Event lists a toll-free incident hotline at 1-833-426-9555 (Monday-Friday, 8 a.m. to 8 p.m. ET, excluding major U.S. holidays) and directs recipients to the personalized notification letter mailed to their address on file. The public notice does not itemize a specific complimentary credit-monitoring or identity-theft-protection product or enrollment deadline; recipients should treat the mailed notification letter as authoritative on what is offered, the provider, and the enrollment window. This page will be updated if and when those specifics become public.
Class-action status
As of the date on this page, no consolidated class-action complaint against Assisted Living Pharmacy Service, LLC has been confirmed in federal docket searches we monitor. At least one breach-litigation intake platform is publicly soliciting affected individuals to evaluate claims, which historically precedes filing in the Eastern or Western District of Wisconsin. We will update this section as filings are docketed.
What to do if you may be affected
If you, a parent, or a person for whom you hold power of attorney received prescriptions from ALPS at any point between January 2024 and June 2025, treat this as a high-severity exposure and act now:
- Freeze credit at all three nationwide bureaus (Equifax, Experian, TransUnion). For long-term-care residents who will not be applying for credit, a freeze is essentially permanent protection at zero cost. Do this on behalf of any parent for whom you hold power of attorney.
- Open the notification letter immediately when it arrives at the address on file with ALPS. The letter, not any third-party website, controls what protection ALPS is offering, who the provider is, and how long you have to enroll.
- Pull free weekly credit reports from annualcreditreport.com and review them for unfamiliar inquiries, addresses, and accounts.
- Watch Medicare and Medicaid Explanation of Benefits statements for procedures, prescriptions, or providers you don’t recognize. Medical-identity fraud against elderly patients often shows up here first.
- Reset payment-card and pharmacy-portal passwords and enable account alerts on every card on file with ALPS, the patient’s primary care provider, and the long-term-care facility.
- Call the ALPS hotline at 1-833-426-9555 if you need to confirm whether a specific patient is on the affected list.
Sources on this page
- HHS Office for Civil Rights Breach Portal — the federal regulatory record of this breach (5,590 individuals, filed August 25, 2025).
- Assisted Living Pharmacy Service LLC — Notice of Data Event — the entity’s own public substitute notice, including the data elements and incident hotline.
- Claim Depot — Assisted Living Pharmacy Service Data Breach Impacts Thousands — independent summary corroborating the access window, Qilin attribution, and exposed-data inventory.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- Assisted Living Pharmacy Service LLC — Notice of Data Event
- Claim Depot — Assisted Living Pharmacy Service Data Breach Impacts Thousands
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.