Richmond Behavioral Health Authority Data Breach Impacts 113,232 Individuals

Richmond Behavioral Health Authority (RBHA) offers substance abuse and prevention and mental health services in Richmond, Virginia. This HIPAA-covered entity recently encountered a data incident that resulted in the compromise of up to 113,232 individuals’ data.

On or about September 30, 2025, RBHA identified unauthorized access to its computer network. It launched an investigation to determine the nature and extent of the unauthorized activity. Cybersecurity specialists assisted with the investigation and secured the network, computer programs, and data.

The forensic investigation confirmed that hackers first accessed its system on September 29, 2025, then used ransomware to encrypt files. RBHA said it did not find conclusive proof that a third party accessed patient data without authorization. Nevertheless, since sensitive information might have been accessed, RBHA will send notices to all individuals potentially affected.

The analysis of the breached files showed that they included personal data and protected health information (PHI), including full names, Social Security numbers, passport numbers, financial account details, and medical data. RBHA said that the incident investigation is in progress and that it has implemented extra safety measures to reinforce security and prevent similar incidents in the future. Those measures include engaging a top-rated service provider to monitor the cybersecurity of its systems, reviewing the security framework of its systems, and enforcing tougher data security guidelines.

RBHA did not disclose who is responsible for the attack; however, the Qilin ransomware group claimed to have been behind the attack and listed RBHA on its dark web data leak site. According to Qilin, it exfiltrated 192 GB of data during the attack and has posted the stolen information. The exposed information included some patient information, so affected individuals are advised to stay alert for identity theft and fraud.

Image credit: IDOL’foto, AdobeStock / logo©RBH


Posted by

John Blacksmith

John Blacksmith is a journalist with several years' experience in both print and online publications. John has specialised in information technology in the healthcare sector and in particular in healthcare data security and privacy. His focus on healthcare data means he has specialist knowledge of the HIPAA regulations. John has a degree in journalism and many years' experience.