Clement Manor Data Breach 2025: 16,046 Affected · Hacking/IT Incident · Senior-Living Community in Greenfield, Wisconsin
Clement Manor, a senior retirement community in Greenfield, Wisconsin, reported a Hacking/IT Incident at a Network Server to the HHS Office for Civil Rights on June 25, 2025, affecting 16,046 individuals. The network disruption was detected on or around April 14, 2025. Names, addresses, dates of birth, Social Security numbers, driver's license numbers, diagnoses, medication, health insurance, provider, and financial account information may have been exposed. Notification letters were mailed June 20, 2025. Complimentary credit monitoring is being offered.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Apr 14, 2025
Network disruption detected at Clement Manor; access to certain systems affected; third-party cybersecurity experts engaged
Apr 14, 2025
Attacker gained access
Jun 20, 2025
Individual notification letters mailed to affected residents and individuals; complimentary credit monitoring and identity theft protection services offered
Jun 25, 2025
Breach posted to the HHS Office for Civil Rights public portal at 16,046 affected — Hacking/IT Incident, Network Server
Apr 14, 2025
Network disruption detected at Clement Manor; access to certain systems affected; third-party cybersecurity experts engaged
Apr 14, 2025
Attacker gained access
Jun 20, 2025
Individual notification letters mailed to affected residents and individuals; complimentary credit monitoring and identity theft protection services offered
Jun 25, 2025
Breach posted to the HHS Office for Civil Rights public portal at 16,046 affected — Hacking/IT Incident, Network Server
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Clement Manor, a senior retirement and skilled-nursing community in Greenfield, Wisconsin, confirmed that on or around April 14, 2025 it detected a network disruption that affected its ability to access certain internal systems. Third-party cybersecurity experts were engaged to investigate the incident, and the review concluded that an unauthorized actor may have accessed or acquired sensitive resident and employee information. The breach was posted to the HHS Office for Civil Rights public portal on June 25, 2025, reporting 16,046 affected individuals in a Hacking/IT Incident at a Network Server. Individual notification letters were mailed beginning June 20, 2025, and complimentary credit monitoring and identity theft protection services are being offered to those affected.
Timeline
- April 14, 2025 — Clement Manor detects a network disruption affecting access to certain internal systems. The community engages third-party cybersecurity experts and notifies law enforcement.
- June 20, 2025 — Individual notification letters mailed to affected residents and other individuals; complimentary credit monitoring and identity theft protection services offered.
- June 25, 2025 — Breach posted to the HHS Office for Civil Rights public portal at 16,046 affected individuals, classified as a Hacking/IT Incident with Network Server as the location of breached information.
What was exposed
Per the substitute notice and public reporting, the dataset that may have been accessed or acquired varies by individual and includes any combination of the following:
- First and last name, address, and date of birth
- Social Security number
- Driver’s license number
- Diagnoses and medical conditions
- Medication information
- Health insurance information
- Provider names and other treatment information
- Financial account information
The combination of Social Security number, driver’s license number, and clinical and financial detail places this incident in the higher-risk tier of healthcare disclosures. Although Clement Manor’s substitute notification described the event as a network disruption rather than naming ransomware, the pattern (encrypted or inaccessible internal systems, third-party forensics engagement, and a large file-review affecting more than 16,000 individuals) is consistent with a ransomware-style intrusion.
Sensitive-population considerations
Clement Manor operates independent living, assisted living, memory care, skilled-nursing rehabilitation, and adult day services on its Greenfield campus. The affected population skews heavily toward older adults, which changes the downstream risk profile in three ways.
First, senior-living residents are a disproportionately targeted scam population. Threat actors holding verified name, address, date of birth, Social Security number, and a confirmed senior-living context can build highly convincing impersonation lures: fake Medicare overpayment claims, fake Social Security calls, fake “facility billing department” follow-ups, fake prescription-cost collections, and fake family-emergency calls referencing the community by name. Residents accustomed to routine outreach from Clement Manor itself are especially exposed to spoofed messages purporting to come from the community’s billing or records office.
Second, memory-care and skilled-nursing residents cannot reliably self-screen for fraud. Power-of-attorney holders, adult children, and other authorized contacts need to act on the resident’s behalf, including placing credit freezes and actively monitoring bank, Medicare, and prescription statements.
Third, the financial blast radius is larger. Older residents are more likely to hold significant home-equity proceeds, retirement and brokerage accounts, and life-insurance products. The combination of SSN, date of birth, and driver’s license number is the standard input set for synthetic-identity loan applications and new-account fraud at institutions that lean on knowledge-based authentication.
What Clement Manor is offering
According to the substitute notice and corroborating reporting, Clement Manor:
- Reported the incident to law enforcement.
- Engaged third-party cybersecurity experts to investigate and contain the incident.
- Implemented additional cybersecurity measures to harden the environment against further intrusion.
- Is offering complimentary credit monitoring and identity theft protection services to affected individuals. Enrollment instructions and a single-use activation code are included in each individual notification letter.
Recipients should follow the activation instructions in their letter before the enrollment deadline. Each code is tied to the named individual and cannot be reused.
Class-action posture
As of this page’s last update, no class-action complaint against Clement Manor has been confirmed on the public dockets of the U.S. District Court for the Eastern District of Wisconsin or in Milwaukee County Circuit Court on the basis of publicly available sources. Plaintiff-side firms routinely open investigations of healthcare breaches at this scale and exposed-data profile, and one or more investigations may be announced in the months following individual notification. The HHS OCR portal entry remains open; the OCR investigation has not yet been resolved.
What to do (senior-specific)
- Freeze the resident’s credit at all three bureaus. Because Social Security and driver’s license numbers were within the dataset, a security freeze at Equifax, Experian, and TransUnion is materially more protective than monitoring alone. It is free, reversible, and can be initiated by a power-of-attorney holder with appropriate documentation.
- Watch for the notification letter. Letters began mailing June 20, 2025 to the address Clement Manor has on file. The letter lists the specific data elements exposed for that individual and the enrollment code for complimentary credit monitoring and identity theft protection.
- Enroll in the offered credit monitoring before the deadline. The enrollment code is single-use and tied to the named individual.
- Brief the resident and authorized contacts on the scam patterns. Treat any unsolicited outreach referencing Clement Manor, Medicare, Social Security, prescription refills, or “billing follow-up” as suspect. Verify by calling the community on a number you look up independently from clementmanor.com, not the number provided in the message.
- Monitor Medicare and insurance Explanations of Benefits for services the resident did not receive. Medical identity theft using exposed insurance information surfaces here first, often before any financial-fraud activity.
- For memory-care and skilled-nursing residents: power-of-attorney holders should consider placing a fraud alert on the resident’s file in addition to a freeze, registering the resident on the DMA-Choice and National Do Not Call lists, and reviewing brokerage and bank accounts for unusual address-change or beneficiary-change requests.
- Keep records. Save the notification letter, any enrollment confirmations, and any suspicious calls or letters. If a class action is filed and certified, this documentation supports a claim.
Sources
- HHS Office for Civil Rights Breach Portal — federal regulatory record at 16,046 affected, Hacking/IT Incident, Network Server, reported June 25, 2025.
- HIPAA Journal — June 2025 Healthcare Data Breach Report — incident summary, exposed-data fields, law-enforcement notification, and complimentary credit monitoring offering.
- calHIPAA — Healthcare Data Breach Report for June 2025 — initial interim placeholder reporting and subsequent file-review-driven update to 16,046 affected individuals.
- Clement Manor — Senior Living in Greenfield, WI (entity website) — confirms the entity’s identity, location, and continuum-of-care service profile (independent living, assisted living, memory care, skilled-nursing rehabilitation, and adult day services).
- Wisconsin DATCP — Consumer Data Breaches — Wisconsin state-level consumer data-breach reporting context.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- HIPAA Journal — June 2025 Healthcare Data Breach Report
- calHIPAA — Healthcare Data Breach Report for June 2025
- Clement Manor — Senior Living in Greenfield, WI (entity website)
- Wisconsin DATCP — Consumer Data Breaches
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.