Health Dimensions Group 2025 Data Breach

Health Dimensions Group Senior Care Management Breach (2025): ~450 Elderly Patients' Medicare, Medical & Care Records Exposed via WorldLeaks | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

WorldLeaksRansomware / ExtortionMedicalDate of BirthFull NameGovernment IDMedical DiagnosisMedical Record NumberMedicationPhysical Address
High SeverityWebsite / service breach

Health Dimensions Group Senior Care Management Breach (2025): ~450 Elderly Patients' Medicare, Medical & Care Records Exposed via WorldLeaks

Senior care and healthcare management consulting firm.

Verified by ObscureIQ Intelligence
86/100Breach Risk Index
57Data Value
40Market Recency
216dSince Breach

Breach Intelligence Summary

Entity: Health Dimensions Group · Actor: WorldLeaks · Sources: 2 references
Attack: Ransomware / Extortion
Profile: Company · Healthcare consulting and management · Advisory services provider · USA
Timeline: Breach (2025-11-06) · Indexed (Dec 04, 2025) · Year (2025)
Exposure: 450 records · 8 fields: Date of Birth, Full Name, Government ID, Medical Diagnosis, Medical Record Number, Medication, Physical Address, Treatment Information
Status: Confirmed

Executive Summary

Health Dimensions Group, a Minneapolis-based senior-care management and consulting firm, suffered a ransomware attack attributed to the WorldLeaks group, discovered November 6, 2025 (access ~October 31-November 17, 2025). A file review completed March 2, 2026 determined 450 individuals were affected. Exposed data included names, addresses, dates of birth, Medicare numbers, medical record numbers, start-of-care and certification dates, provider names/addresses, advance-directive types, diagnoses/health status, medication lists, and treatment orders/goals. (NOTE: the prior record listed ~94,084 affected and Social Security numbers; the official notification confirms only 450 individuals and lists Medicare numbers, not SSNs - corrected.)

ObscureIQ assessment: High risk because the firm may sit inside sensitive care and operational data flows. Exposure can enable medical fraud, provider impersonation, and targeting of vulnerable healthcare populations.

Breach Impact

Although the confirmed affected population is small (about 450), the exposed data is unusually rich clinical and care-planning information for an elderly, vulnerable population, Medicare numbers, medical record numbers, diagnoses/health status, medication lists, treatment orders, and advance directives. This enables medical identity fraud, Medicare/insurance abuse, and highly targeted scams against seniors and their families, with severe privacy sensitivity per affected individual.

About Health Dimensions Group

Health Dimensions Group (HDG) is a Minneapolis, Minnesota-based senior-living and senior-care management and consulting firm that operates and advises skilled-nursing, assisted-living, and post-acute/home-health programs. As a manager and consultant embedded in care operations, it holds resident/patient clinical, Medicare, and care-planning records alongside facility and staffing data.

Why They Hold Your Data

Healthcare consulting and management firms collect client, facility, resident, patient, staffing, and operational records across advisory, compliance, and healthcare-management workflows.

Recent Developments

HDG discovered a ransomware incident on November 6, 2025 (unauthorized access ~October 31-November 17, 2025), attributed to the WorldLeaks group. A file review completed March 2, 2026 determined the incident affected 450 individuals (including 1 Maine resident). HDG notified affected individuals and implemented additional security measures.

Data Points Exposed

8 verified field types
Date of Birth High
Full Name High
Government ID Critical
Medical Diagnosis Critical
Medical Record Number
Medication
Physical Address High
Treatment Information

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Medicare and health-insurance fraud using Medicare numbers and care records
  • Medical identity fraud using diagnoses, medications, and treatment data
  • Elderly-targeted scams and coercion leveraging care status and advance directives
  • Identity linkage/verification using name + DOB + Medicare number
  • Doxxing and physical targeting from exposed home addresses
Threat vectors:
  • Medical extortion, insurance fraud & discrimination
  • Medicare/insurance fraud
  • Elderly-targeted fraud & coercion
  • Name-based social engineering
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: WorldLeaks

WorldLeaks
Ransomware / Extortion

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Health Dimensions Group breach?

Health Dimensions Group, a Minneapolis-based senior-care management and consulting firm, suffered a ransomware attack attributed to the WorldLeaks group, discovered November 6, 2025 (access ~October 31-November 17, 2025). A file review completed March 2, 2026 determined 450 individuals were…

What data was exposed?

Verified fields include Date of Birth, Full Name, Government ID, Medical Diagnosis, Medical Record Number, Medication, Physical Address, Treatment Information.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation