Counseling Center Data Breach Exposes PHI and PII of 83k Individuals

On March 3, 2025, the Counseling Center of Wayne and Holmes Counties, a non-profit mental health organization based in Ohio, discovered a data breach after being alerted to suspicious activity by a third-party service provider.

The breach was traced back to March 2, 2025, when an unauthorized entity gained access to one of the center’s servers. According to the company’s forensic investigation, the attacker accessed and exfiltrated sensitive information from their systems before the incident was contained.

The types of information exposed varies by individual but may include both personally identifiable information (PII) and protected health information (PHI): name, date of birth, Social Security number, driver’s license or state identification number, health insurance information, medical condition information, treatment provider name, medical record number, treatment cost information and diagnosis and/or treatment information.

The breach affected a total of 83,354 individuals in the United States, with two residents in Maine confirmed as impacted.

The incident was reported to the Maine Attorney General on Feb. 9, 2026. The center has also posted a detailed notice to consumers on its website.

Written notifications have been mailed to impacted individuals.

Counseling Center of Wayne and Holmes Counties' response

The center encourages those affected to remain vigilant against potential identity theft and fraud.

Recommended steps include regularly monitoring free credit reports, reviewing account statements and reporting any suspicious activity to financial institutions. Individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus.

The center’s notice provides contact information for Equifax, Experian and TransUnion, as well as guidance on placing fraud alerts or security freezes on credit files.

For those concerned about medical identity theft, the center advises reviewing explanation of benefits statements, contacting insurance providers for unfamiliar items and requesting copies of medical records from the relevant time period.