Averhealth Holdings, the parent company of Avertest, Inc., has disclosed a data security incident that may have exposed sensitive personal and protected health information belonging to certain individuals. The incident involved unauthorized access to Averhealth’s email environment and potentially affected information including Social Security numbers, medical information, and other personal identifiers.
Averhealth began notifying potentially affected individuals on July 2, 2026 and is offering complimentary credit monitoring services to individuals whose Social Security numbers were impacted.
Averhealth Holdings Data Breach Investigation
Averhealth Holdings reported that it detected unusual activity within Avertest’s email environment on January 20, 2026. After identifying the suspicious activity, Averhealth immediately took steps to contain the incident and launched an investigation with the assistance of external cybersecurity professionals.
The investigation determined that an unauthorized party gained access to Averhealth’s network between December 19, 2025, and January 21, 2026. On May 6, 2026, Averhealth determined that certain files potentially accessed or acquired during the incident contained personal and health-related information.
The affected information was discovered during a detailed review of potentially compromised files. Averhealth stated that not all individuals had the same information involved and that the types of information impacted may vary by person.
The company stated that it has no evidence of identity theft or financial fraud occurring as a result of the incident. However, due to the sensitive nature of the information involved, Averhealth is encouraging affected individuals to take precautions to protect their personal information.
When Did This Breach Occur?
The unauthorized access occurred between December 19, 2025, and January 21, 2026.
Averhealth discovered unusual activity in its email environment on January 20, 2026 and began investigating the incident with cybersecurity specialists.
On May 6, 2026, the company determined that certain files containing personal information may have been accessed or acquired.
Notification letters were sent to potentially affected individuals on or about July 2, 2026.
What Information Was Breached?
The information potentially exposed in the Averhealth Holdings data breach may include:
- Name
- Clinical information
- Diagnosis information
- Digital or electronic signature
- Date of birth
- Driver’s license number
- Health insurance policy-related number
- Medical cost information
- Medical dates of service
- Medical history
- Medical provider name
- Medical record number
- Medical treatment or procedure information
- Mental or physical condition information
- Minor-related information
- Patient account number
- Social Security number
Not every individual had all categories of information involved.
Because the breach may have included Social Security numbers and medical information, affected individuals may face increased risks related to identity theft, medical identity theft, insurance fraud, and other misuse of personal data.
What You Can Do
If you received a notice regarding the Averhealth Holdings data breach, consider taking the following steps:
- Enroll in credit monitoring: Averhealth is offering complimentary credit monitoring services for individuals whose Social Security numbers were impacted.
- Monitor financial accounts: Review bank accounts, credit cards, and other financial statements for suspicious transactions.
- Review credit reports: Check your credit reports for unfamiliar accounts, inquiries, or changes.
- Consider a fraud alert or credit freeze: These protections can help prevent unauthorized credit accounts from being opened.
- Review medical records and insurance statements: Check explanation of benefits statements and medical bills for unfamiliar services or claims.
- Watch for phishing attempts: Be cautious of emails, calls, or messages that request personal information or account details.
- Keep breach communications: Save notification letters and any documentation related to the incident.
- Document suspicious activity: Maintain records of fraud concerns, unauthorized activity, and costs associated with protecting your identity.
Individuals with questions about the incident can contact Averhealth’s dedicated response line at (844) 959-7153, available Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time, excluding holidays.
File a Data Breach Lawsuit Against Averhealth Holdings
Healthcare organizations and companies that maintain sensitive personal and medical information have a responsibility to implement reasonable security measures to protect that data. When a data breach occurs, affected individuals may face privacy risks, financial harm, and the burden of monitoring and protecting their personal information.
If your information was exposed in the Averhealth Holdings data breach, you may have legal options. A class action lawsuit may help affected individuals seek compensation for damages related to privacy violations, identity protection expenses, and other losses connected to the incident.
By joining with others affected by the same cybersecurity event, individuals may be able to hold organizations accountable and encourage stronger protections for sensitive healthcare information.
Contact Class Action U to connect with experienced data breach lawyers. If you received a notice or believe your information may have been affected, fill out our secure form to learn more. There is no cost and no obligation to speak with a legal partner.