Behavioral Health Group Data Breach Affects 597,591 People

On Aug. 19, 2025, Behavioral Health Group, the largest network of Joint Commission-accredited outpatient opioid treatment and recovery centers in the United States, disclosed a data breach to the U.S. Department of Health and Human Services.

The types of information compromised include a combination of personally identifiable information (PII) and protected health information (PHI). This may include names, addresses, dates of birth, Social Security numbers, medical record numbers, treatment information, health insurance details and other sensitive data related to opioid use disorder treatment.

The total number of affected individuals has not been released, but is believed to include several thousand current and former patients. Because Behavioral Health Group provides specialized care for individuals with opioid use disorder, the exposure of both PII and PHI could have serious implications for privacy and security.

Behavioral Health Group's response

In addition to required state and federal disclosures, Behavioral Health Group will work to notify impacted individuals.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Behavioral Health Group.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

For more about the organization, visit Behavioral Health Group's website.