Clinica Family Health & Wellness Data Breach Affects Mental Health Partners Systems

On March 14, 2025, Clinica Family Health & Wellness discovered a data security incident affecting the Mental Health Partners environment, a system integrated into the organization following a recent merger.

The breach was the result of a ransomware attack carried out by the cybercriminal group INC RANSOM, who claimed responsibility and posted sample screenshots of stolen data on their dark web portal. While the forensic investigation did not uncover direct evidence that data was exfiltrated, the organization is conducting a comprehensive review to determine the full scope of information that may have been accessed by the unauthorized actor.

At this time, the exact number of affected individuals has not been disclosed, as the investigation is ongoing. However, the breach impacted some, but not all, of Clinica’s systems. The company noted that the Clinica Family Health Services system was not affected.

The types of information potentially exposed in this type of attack could include personally identifiable information (PII) and protected health information (PHI), though the exact details are still under review.

INC RANSOM’s involvement underscores the severity of the breach. Ransomware attacks are particularly concerning in the healthcare sector due to the sensitivity of the data involved and the potential for operational disruption.

he incident has likely raised concerns among patients and staff, especially given the organization’s role in serving vulnerable populations. For more information, the official data security incident notice provides additional details.

Clinica Family Health & Wellness’s response

After detecting the intrusion, Clinica Family Health & Wellness contained the incident and engaged external cybersecurity professionals to assist with the investigation. The organization is working diligently to identify all individuals whose information may have been impacted.

As the review continues, they have committed to notifying all known affected individuals as quickly as possible and in accordance with applicable laws. Notification will be provided via U.S. Mail if it is determined that personal or protected health information was involved.

To support those potentially affected, Clinica has published precautionary measures on their website, including steps to protect against medical identity theft, instructions for placing fraud alerts or security freezes on credit files, and guidance on obtaining free credit reports. The organization encourages clients and personnel to consider these protective actions.

A dedicated and confidential toll-free response line has been established at 833-380-5910, staffed with professionals familiar with the incident and knowledgeable about steps to prevent misuse of information. The line is available Monday through Friday, 6 a.m. to 6 p.m. Mountain time, excluding holidays.

For more about the company, visit the Clinica Family Health & Wellness website.