FMRS Health Systems Data Breach Exposes PII and PHI

FMRS Health Systems Inc., a nonprofit mental health center serving communities across four counties in West Virginia, disclosed a data breach.

FMRS Health Systems identified irregular activity on certain computer systems within its network on Feb. 27, 2026. The organization took steps to secure the network and begin an investigation.

The investigation determined that unauthorized access to certain systems occurred from Jan. 20, 2026, to Feb. 27, 2026. During that time, files were copied from the affected systems. The company noted that its electronic health record and email systems were not impacted by the incident.

The types of personally identifiable information (PII) potentially exposed included names, addresses, dates of birth, Social Security numbers, driver's license numbers and financial account information. Protected health information (PHI) potentially exposed included medical history information, diagnostic information, treatment information, prescription information, physician information, medical record numbers and health insurance information.

On March 13, 2026, a ransomware group known as Qilin claimed responsibility for the attack on the dark web. The group posted its claim on the Tor network, stating it had obtained the organization's data.

The breach was disclosed to the U.S. Department of Health and Human Services on April 28, 2026. FMRS Health Systems posted a notice on its website to inform affected individuals.

FMRS Health Systems' response to the breach

FMRS Health Systems stated that its investigation was still ongoing at the time of the notification.

The company encouraged individuals to remain vigilant against identity theft and fraud by reviewing their account statements and credit reports for any unauthorized or suspicious activity.

Individuals with questions about the incident can contact the company directly. Representatives are available from 8 a.m. to 5 p.m. Monday through Friday, excluding holidays, at 304-256-7100.

Individuals may also write to FMRS Health Systems at 101 South Eisenhower Drive, Beckley, WV 25801.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze with Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-833-799-5355) to help prevent unauthorized accounts from being opened.
• Request free credit reports at AnnualCreditReport.com and review them carefully for any accounts or activity that seem unfamiliar.
• Monitor financial account statements closely for unauthorized transactions, since financial account information was among the data potentially exposed in this breach.
• Review health insurance statements and Explanation of Benefits documents for any medical services, prescriptions or claims not received, as medical and insurance information may have been compromised.
• Be cautious of phishing attempts that reference FMRS Health Systems or this breach by name, as scammers may use stolen information to craft convincing emails, calls or messages.
• Report signs of identity theft to the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338, and file a report with local law enforcement if needed.