Harbor Data Breach Exposes Social Security Numbers of 216k Patients

On Aug. 1, 2025, Harbor, a mental health care provider in northwest Ohio, discovered suspicious activity on its computer network. The company launched an investigation and determined that an unauthorized actor had accessed and exfiltrated certain files from its network between July 25 and Aug. 1, 2025.

A comprehensive review revealed that the compromised files contained both personally identifiable information (PII) and protected health information (PHI) including names, addresses, dates of birth, Social Security numbers, driver’s license numbers or other state identification numbers, financial account information, health insurance information, medical diagnosis and treatment information, and clinical information.

The data breach was subsequently disclosed to the Maine Attorney General, the Massachusetts Attorney General, the Montana Attorney General, and the New Hampshire Attorney General between Oct. 24 and Oct. 27, 2025. The U.S. Department of Health and Human Services was disclosed on June 20, 2025.

The breach has affected 216,000 total individuals in the U.S., including five in Maine, ten in Massachusetts, six in Montana, and three in New Hampshire.

Harbor's response

Harbor has also posted a public notice of the data breach on its website on Sept. 30, 2025. On or about Oct. 24, 2025, they also sent written notices to those with available mailing addresses.

The company is offering complimentary credit monitoring and identity protection services through Epiq to individuals whose personal information may have been compromised. These services include one-bureau credit monitoring with alerts, dark web monitoring, credit protection with security freeze assistance, change of address monitoring, and identity restoration support.

In addition, Harbor has provided detailed instructions for affected individuals on how to monitor their credit, place fraud alerts or credit freezes, and report suspected identity theft to the appropriate authorities.

Individuals are strongly encouraged to remain vigilant for signs of identity theft and fraud. Reviewing account statements, monitoring credit reports, and taking advantage of the free credit monitoring services are important steps to help protect against potential misuse of personal information.