Equilibria Mental Health Services experienced a data breach which compromised both personally identifiable information (PII) and protected health information (PHI). On June 24, 2025, it was discovered that two internal email accounts authorized for business operations were breached due to an email phishing scam facilitated by a cybercriminal.
The data breach led to the exposure of sensitive information belonging to approximately 2,000 individuals, including current clients, individuals who have contacted Equilibria to inquire about services and family members. The cybersecurity incident was reported to the Department of Health and Human Services on July 20, 2025.
Compromised data may include names, email addresses, mailing addresses, physical addresses, telephone numbers, health insurance plan information, and in some cases, a person’s self-reported reason for reaching out to the practice. Equilibria also published a HIPAA Breach Notification on its own website.
Equilibria has advised anyone who received the phishing email not to open the embedded link and to delete the message. For those who may have opened the document and provided their password, it is recommended to change the password immediately.
If you receive a notice from Equilibria Mental Health Services about this breach, you may want to:
Individuals who believe their information has been used inappropriately or have questions about the possible disclosure of their protected health information can contact Equilibria’s HIPAA Privacy Officer, Erica Burgoon, at 267-861-3685 x490 or 888-233-2570, or by email at Privacy@EquilibriaPCS.com.
More information about the company and its services can be found on the Equilibria Mental Health Services website.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.