Home
>
Data Breach>Mount Rogers Community Services

Mount Rogers Data Breach Affects Patients and Employees

Published
June 14, 2025
Updated
June 14, 2025
Mount Rogers Data Breach Affects Patients and Employees
Mount Rogers Community Services
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

Mount Rogers Community Services

data breach?

Join the Lawsuit

It's free to join. 

On April 29, 2025, Mount Rogers Community Services, a Virginia-based mental health care provider, discovered it had fallen victim to a ransomware attack. An investigation revealed that the data breach began on or around April 27, 2025, and lasted until April 29, 2025.

The ransomware group known as INC RANSOM publicly claimed responsibility for the attack, posting about the data breach on the dark web on June 10, 2025. The attackers stated they had acquired data belonging to Mount Rogers Community Services and threatened to release it if their demands were not met.

The cybersecurity incident compromised both personally identifiable information (PII) and protected health information (PHI). Exposed information may include the following patient information: Name, Social Security number, address, zip code, date of birth, diagnosis/conditions, medications, dates of service and other treatment information.

The data breach also included some employment related files and the following employee and employee dependent information may have been exposed: Names, addresses, dates of birth, driver’s license numbers, Social Security numbers, medical information shared for employment purposes, and/or benefits enrollment information.

Mount Rogers Community Services notified the Massachusetts Attorney General's office on June 13, 2025 and published a Notice of Cyber Incident on its own website.

Mount Rogers’ response

Mount Rogers Community Services initiated an investigation and contacted law enforcement. Affected individuals were notified by mail on June 13, 2025.

If you receive a data breach notification from Mount Rogers Community Services, you may want to:

  • Sign up for the free identity monitoring services through Kroll, paid for by Mount Rogers.
  • Monitor your credit reports and financial accounts for any unusual activity.
  • Be alert for phishing emails or phone calls that may use your exposed information.
  • Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information, visit the Mount Rogers Community Services website.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Sources

Disclosures

Breach Summary

Affected Entity
Mount Rogers Community Services
Consumers Notification date
Date of Breach
Breach Discovered Date
Total People Affected
Information Types Exposed
  • name
  • Social Security number
  • address
  • zip code
  • date of birth
  • diagnosis/conditions
  • medications
  • dates of service
  • other treatment information
  • information related to insurance or claims information
  • driver’s

Data Breach Settlements

SMART $945,000 Data Breach Class Action Settlement
Aven Financial Inc. $450K Data Breach Settlement
Estrella Insurance Data Breach Class Action Settlement
Sysco Corp. $2.3M Data Breach Class Action Settlement
New Horizons Medical Data Breach Class Action Settlement
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image

What to Read Next

AltaMed Data Breach Exposes SSNs and Protected Health Info
June 15, 2025
AltaMed Data Breach Exposes SSNs and Protected Health Info
Rural Health Services Data Breach Exposes PII and PHI
June 14, 2025
Rural Health Services Data Breach Exposes PII and PHI
Arkansas Urology Data Breach Affects Patient Info
June 14, 2025
Arkansas Urology Data Breach Affects Patient Info
McKenzie Memorial Breach Exposes PII and PHI Data
June 13, 2025
McKenzie Memorial Breach Exposes PII and PHI Data