Active breach tracker Greenfield, Wisconsin Disclosed June 25, 2025

Clement Manor Data Breach 2025: 16,046 Affected · Hacking/IT Incident · Senior-Living Community in Greenfield, Wisconsin

Clement Manor, a senior retirement community in Greenfield, Wisconsin, reported a Hacking/IT Incident at a Network Server to the HHS Office for Civil Rights on June 25, 2025, affecting 16,046 individuals. The network disruption was detected on or around April 14, 2025. Names, addresses, dates of birth, Social Security numbers, driver's license numbers, diagnoses, medication, health insurance, provider, and financial account information may have been exposed. Notification letters were mailed June 20, 2025. Complimentary credit monitoring is being offered.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Apr 14, 2025

Network disruption detected at Clement Manor; access to certain systems affected; third-party cybersecurity experts engaged

Apr 14, 2025

Attacker gained access

Jun 20, 2025

Individual notification letters mailed to affected residents and individuals; complimentary credit monitoring and identity theft protection services offered

Jun 25, 2025

Breach posted to the HHS Office for Civil Rights public portal at 16,046 affected — Hacking/IT Incident, Network Server

Data exposed

01

High-risk identity

Enables financial + identity theft

Social Security numbers Driver's license numbers

02

Health records

Don't expire and can't be reissued

Diagnoses and medical conditions Medication information Provider names and treatment information

03

Contact & insurance

Phishing + targeted scams

First and last names Addresses Dates of birth Health insurance information Financial account information
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

Clement Manor, a senior retirement and skilled-nursing community in Greenfield, Wisconsin, confirmed that on or around April 14, 2025 it detected a network disruption that affected its ability to access certain internal systems. Third-party cybersecurity experts were engaged to investigate the incident, and the review concluded that an unauthorized actor may have accessed or acquired sensitive resident and employee information. The breach was posted to the HHS Office for Civil Rights public portal on June 25, 2025, reporting 16,046 affected individuals in a Hacking/IT Incident at a Network Server. Individual notification letters were mailed beginning June 20, 2025, and complimentary credit monitoring and identity theft protection services are being offered to those affected.

Timeline

  • April 14, 2025 — Clement Manor detects a network disruption affecting access to certain internal systems. The community engages third-party cybersecurity experts and notifies law enforcement.
  • June 20, 2025 — Individual notification letters mailed to affected residents and other individuals; complimentary credit monitoring and identity theft protection services offered.
  • June 25, 2025 — Breach posted to the HHS Office for Civil Rights public portal at 16,046 affected individuals, classified as a Hacking/IT Incident with Network Server as the location of breached information.

What was exposed

Per the substitute notice and public reporting, the dataset that may have been accessed or acquired varies by individual and includes any combination of the following:

  • First and last name, address, and date of birth
  • Social Security number
  • Driver’s license number
  • Diagnoses and medical conditions
  • Medication information
  • Health insurance information
  • Provider names and other treatment information
  • Financial account information

The combination of Social Security number, driver’s license number, and clinical and financial detail places this incident in the higher-risk tier of healthcare disclosures. Although Clement Manor’s substitute notification described the event as a network disruption rather than naming ransomware, the pattern (encrypted or inaccessible internal systems, third-party forensics engagement, and a large file-review affecting more than 16,000 individuals) is consistent with a ransomware-style intrusion.

Sensitive-population considerations

Clement Manor operates independent living, assisted living, memory care, skilled-nursing rehabilitation, and adult day services on its Greenfield campus. The affected population skews heavily toward older adults, which changes the downstream risk profile in three ways.

First, senior-living residents are a disproportionately targeted scam population. Threat actors holding verified name, address, date of birth, Social Security number, and a confirmed senior-living context can build highly convincing impersonation lures: fake Medicare overpayment claims, fake Social Security calls, fake “facility billing department” follow-ups, fake prescription-cost collections, and fake family-emergency calls referencing the community by name. Residents accustomed to routine outreach from Clement Manor itself are especially exposed to spoofed messages purporting to come from the community’s billing or records office.

Second, memory-care and skilled-nursing residents cannot reliably self-screen for fraud. Power-of-attorney holders, adult children, and other authorized contacts need to act on the resident’s behalf, including placing credit freezes and actively monitoring bank, Medicare, and prescription statements.

Third, the financial blast radius is larger. Older residents are more likely to hold significant home-equity proceeds, retirement and brokerage accounts, and life-insurance products. The combination of SSN, date of birth, and driver’s license number is the standard input set for synthetic-identity loan applications and new-account fraud at institutions that lean on knowledge-based authentication.

What Clement Manor is offering

According to the substitute notice and corroborating reporting, Clement Manor:

  • Reported the incident to law enforcement.
  • Engaged third-party cybersecurity experts to investigate and contain the incident.
  • Implemented additional cybersecurity measures to harden the environment against further intrusion.
  • Is offering complimentary credit monitoring and identity theft protection services to affected individuals. Enrollment instructions and a single-use activation code are included in each individual notification letter.

Recipients should follow the activation instructions in their letter before the enrollment deadline. Each code is tied to the named individual and cannot be reused.

Class-action posture

As of this page’s last update, no class-action complaint against Clement Manor has been confirmed on the public dockets of the U.S. District Court for the Eastern District of Wisconsin or in Milwaukee County Circuit Court on the basis of publicly available sources. Plaintiff-side firms routinely open investigations of healthcare breaches at this scale and exposed-data profile, and one or more investigations may be announced in the months following individual notification. The HHS OCR portal entry remains open; the OCR investigation has not yet been resolved.

What to do (senior-specific)

  • Freeze the resident’s credit at all three bureaus. Because Social Security and driver’s license numbers were within the dataset, a security freeze at Equifax, Experian, and TransUnion is materially more protective than monitoring alone. It is free, reversible, and can be initiated by a power-of-attorney holder with appropriate documentation.
  • Watch for the notification letter. Letters began mailing June 20, 2025 to the address Clement Manor has on file. The letter lists the specific data elements exposed for that individual and the enrollment code for complimentary credit monitoring and identity theft protection.
  • Enroll in the offered credit monitoring before the deadline. The enrollment code is single-use and tied to the named individual.
  • Brief the resident and authorized contacts on the scam patterns. Treat any unsolicited outreach referencing Clement Manor, Medicare, Social Security, prescription refills, or “billing follow-up” as suspect. Verify by calling the community on a number you look up independently from clementmanor.com, not the number provided in the message.
  • Monitor Medicare and insurance Explanations of Benefits for services the resident did not receive. Medical identity theft using exposed insurance information surfaces here first, often before any financial-fraud activity.
  • For memory-care and skilled-nursing residents: power-of-attorney holders should consider placing a fraud alert on the resident’s file in addition to a freeze, registering the resident on the DMA-Choice and National Do Not Call lists, and reviewing brokerage and bank accounts for unusual address-change or beneficiary-change requests.
  • Keep records. Save the notification letter, any enrollment confirmations, and any suspicious calls or letters. If a class action is filed and certified, this documentation supports a claim.

Sources

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.