On July 24, 2024, American Clinical Solutions (“ACS”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party was able to access confidential information in the company’s possession. ACS explains that as a result of the incident, the unauthorized gained access to sensitive information belonging to an estimated 300,000 consumers. This is a notable decrease from previous estimates, which were in the 400k range. Upon completing its investigation, ACS will likely begin sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you receive a data breach notification from American Clinical Solutions, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the American Clinical Solutions data breach. For more information, please see our recent piece on the topic here.

What Caused the American Clinical Solutions Data Breach?

The American Clinical Solutions data breach was only recently announced, and more information is expected in the near future. For now, ACS’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides only very little information on what led up to the breach. However, various news sources have also covered the incident.

According to these sources, back in May 2024, ACS was added to the “victim list” of a notorious hacker group. At the time, hackers claimed to have exfiltrated the medical records of more than 400,000 patients who had testing performed at ACS facilities.

As is common in ransomware attacks, the hackers gave ACS a few days (until May 25, 2025) to pay the ransom before leaking the files to the dark web. It remains unknown whether ACS paid the demanded ransom; however, several months later, the company reported the data breach to the U.S. Department of Health and Human Services Office for Civil Rights, estimating that 300,000 people were affected.

On July 24, 2024, American Clinical Solutions filed its notice with the HHS-OCR. Typically, this is around the time that companies send out data breach letters to those who were affected by the incident. However, the timeline of the ACS data breach may be different. Regardless, once they arrive, these letters should provide victims with a list of what information belonging to them was compromised.

More Information About American Clinical Solutions

Founded in 2008, American Clinical Solutions, LLC is a healthcare services company based in Sun City, Florida. ACS provides a wide range of testing services for both prescription and illicit narcotics. ACS conducts urine testing as well as oral fluid testing and can create customizable testing options based on the needs of its clients. American Clinical Solutions employs more than 125 people and generates approximately $20 million in annual revenue.