Active breach tracker St. Louis, Missouri Disclosed April 11, 2025

The Gatesworth Senior Living St. Louis Data Breach 2025: 31,124 Affected · Qilin Ransomware Claim · Senior-Living Community in St. Louis

The Gatesworth Communities, a luxury senior-living group in St. Louis, Missouri (operating The Gatesworth, Parc Provence, and the McKnight Place communities), confirmed unauthorized access to its network between January 22 and 26, 2025 after a third-party IT vendor was breached. 31,124 individuals were affected. Names, Social Security numbers, dates of birth, government IDs, medical records, health insurance details, and financial information may have been exposed. Notifications mailed August 26, 2025. The Qilin ransomware group named The Gatesworth on its leak site.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Jan 22, 2025

Unauthorized actor begins accessing The Gatesworth Communities network via a compromised third-party IT vendor

Jan 26, 2025

Unauthorized access window closes (four-day intrusion)

Feb 3, 2025

Qilin ransomware group publishes The Gatesworth Senior Living St. Louis on its dark-web leak site

Feb 5, 2025

The Gatesworth identifies suspicious activity on its network; investigation begins

Apr 11, 2025

Breach posted to HHS Office for Civil Rights public portal at 31,124 affected — Hacking/IT Incident, Network Server

Jul 16, 2025

Review concludes that personal and protected health information belonging to residents and patients was within the accessed data

Aug 26, 2025

Individual notification letters mailed; substitute notice posted; Montana Attorney General notified

Sep 4, 2025

Massachusetts Attorney General notified

Sep 8, 2025

Texas Attorney General notified

Data exposed

01

High-risk identity

Enables financial + identity theft

Social Security numbers Driver's license / government ID numbers

02

Health records

Don't expire and can't be reissued

Medical records and protected health information

03

Contact & insurance

Phishing + targeted scams

Names Addresses Dates of birth Financial account information Health insurance information
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

The Gatesworth Communities, a family of luxury senior-living properties in St. Louis, Missouri operating as The Gatesworth, Parc Provence, McKnight Place Assisted Living and Memory Care, and McKnight Place Extended Care, confirmed that an unauthorized actor accessed its network between January 22 and January 26, 2025 after first compromising a third-party IT vendor. The intrusion affected 31,124 individuals per the HHS Office for Civil Rights public breach portal. Names, Social Security numbers, dates of birth, government-issued identification numbers, financial-account information, health-insurance details, and medical records were within the dataset that may have been accessed. Individual notification letters began mailing on August 26, 2025, more than six months after the intrusion. The Qilin ransomware group named the community on its dark-web leak site on February 3, 2025, two days before The Gatesworth detected the activity in its own environment.

Timeline

  • January 22–26, 2025 — Unauthorized actor accesses The Gatesworth Communities’ network through a compromised third-party IT vendor account.
  • February 3, 2025 — The Qilin ransomware group publishes The Gatesworth Senior Living St. Louis as a victim on its dark-web leak site.
  • February 5, 2025 — The Gatesworth identifies suspicious activity in its network and begins an internal investigation with outside forensics support.
  • April 11, 2025 — Breach posted to the HHS OCR public portal at 31,124 affected individuals, classified as a Hacking/IT Incident with Network Server as the location of breached information.
  • July 16, 2025 — Document review concludes that personal and protected health information belonging to residents and patients was within the accessed data.
  • August 26, 2025 — Individual notification letters mailed; substitute notice posted to the entity website; Montana Attorney General notified.
  • September 4, 2025 — Massachusetts Attorney General notified.
  • September 8, 2025 — Texas Attorney General notified.

What was exposed

The dataset that may have been accessed varies by individual and, across the public state-AG and plaintiff-firm disclosures, includes any combination of:

  • Name, address, and date of birth
  • Social Security number
  • Driver’s license number or other government-issued identification number
  • Financial account or payment information
  • Health insurance information
  • Medical records and other protected health information (diagnoses, treatment, care notes)

The combination of Social Security number, driver’s license number, and clinical detail places this incident in the higher-risk tier of healthcare disclosures. The fact that the Qilin ransomware group publicly listed the community on its leak site indicates the actor extracted data, not merely encrypted it.

Sensitive-population considerations

The Gatesworth’s resident population is materially different from a typical hospital or insurer breach group, which changes the downstream risk profile in three ways.

First, senior-living residents are a disproportionately targeted scam population. Threat actors with verified name, address, date of birth, Social Security number, and a confirmed senior-living context can build highly convincing impersonation lures: fake Medicare overpayment claims, fake Social Security calls, fake “facility billing department” follow-ups, fake prescription-cost collections, and fake family-emergency calls referencing the community by name. Many residents are accustomed to receiving routine outreach from the community itself, which makes a spoofed “Gatesworth billing” or “McKnight Place records” message especially dangerous.

Second, dementia and memory-care residents at Parc Provence and McKnight Place Assisted Living and Memory Care cannot reliably self-screen for fraud. Power-of-attorney holders, adult children, and other authorized contacts need to act for them, including credit freezes on the resident’s file and active monitoring of bank and Medicare statements.

Third, the financial blast radius is larger. Senior-living residents are more likely to carry significant home-equity proceeds, retirement accounts, brokerage assets, and life-insurance products than the general patient population. SSN-plus-DOB-plus-driver’s-license is the standard tradecraft input for synthetic-identity loan applications and new-account fraud at financial institutions where verification leans on knowledge-based authentication.

Class-action posture

Multiple plaintiff-side firms have publicly opened investigations of The Gatesworth Communities data breach, including Barnow and Associates, P.C., Strauss Borrelli PLLC, and Dapeer Law, P.A. As of this page’s last update, no filed class-action complaint or case number has been confirmed in the U.S. District Court for the Eastern District of Missouri or in any other federal or state court of record on the basis of publicly available sources. The HHS OCR portal entry remains open.

What to do (senior-specific)

  • Freeze the resident’s credit at all three bureaus. Because Social Security numbers and driver’s license numbers were within the dataset, a security freeze with Equifax, Experian, and TransUnion is materially more protective than monitoring alone. It is free, reversible, and can be initiated by a power-of-attorney holder with appropriate documentation.
  • Watch for the notification letter. Letters began mailing August 26, 2025 to the address The Gatesworth has on file. Read the letter carefully — it lists the specific data elements exposed for that individual and any complimentary credit-monitoring or identity-theft-protection enrollment code and deadline. Each enrollment code is single-use and tied to the named individual.
  • Brief the resident and any authorized contacts on the scam patterns. Treat any unsolicited outreach referencing The Gatesworth, McKnight Place, Parc Provence, Medicare, Social Security, prescription refills, or “billing follow-up” as suspect. Verify by calling the community on a number you look up independently — never the number provided in the message.
  • Monitor Medicare and insurance Explanations of Benefits for services the resident did not receive. Medical identity theft using exposed insurance information surfaces here first, often before any criminal-financial activity.
  • For dementia and memory-care residents: power-of-attorney holders should consider placing a fraud alert on the resident’s file in addition to a freeze, registering the resident on the DMA-Choice and National Do Not Call lists, and reviewing brokerage and bank accounts for unusual address-change or beneficiary-change requests.
  • Keep records. Save the notification letter, any enrollment confirmations, and any suspicious calls or letters. If a class action is filed and certified, this documentation supports a claim.

Sources

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.