.png)
Richmond Behavioral Health Authority (RBHA) Data Breach Impacts 113,232 Individuals
On Sept. 29, 2025, Richmond Behavioral Health Authority (RBHA) experienced a significant data security incident that exposed personally identifiable information (PII) and protected health information (PHI) of at least 113,232 individuals in the United States. According to the official disclosure, malicious actors gained unauthorized access to RBHA’s network and deployed ransomware, encrypting portions of the organization’s systems.
The intrusion was detected and terminated the following day, Sept. 30, 2025. While there is no definitive evidence that personal information was accessed or misused, the possibility could not be ruled out, prompting RBHA to notify affected individuals out of an abundance of caution.
Exposed information includes, full name, Social Security number, passport number, financial account information and medical information. This combination of sensitive data increases the risk of identity theft and fraud for those affected.
RBHA reported the breach to the U.S. Department of Health and Human Services on Nov. 28, 2025. The company has also posted a Notice of Data Breach on its website. The company has notified impacted individuals by mail.
Richmond Behavioral Health Authority's response
In response to the ransomware attack, RBHA immediately engaged its management, IT staff and third-party cybersecurity experts to investigate the incident, secure personal information and protect its network from further compromise. The organization moved quickly to terminate the unauthorized access and launched a thorough review of its systems to determine the scope of the breach.
Given the nature of the breach, which involved both PII and PHI. affected individuals should be especially cautious. It is recommended to:
- Monitor bank and credit card accounts for unauthorized transactions
- Obtain and review free credit reports from major credit bureaus
- Consider placing a fraud alert or credit freeze on credit files
- Watch for suspicious emails, phone calls or mail related to the breach
For affected individuals, RBHA has provided a dedicated toll-free hotline at 844-572-2716, available Monday through Friday from 8 a.m. to 5:30 p.m. CT (excluding major U.S. holidays), to answer questions and provide support.
Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info- Affected information types not yet disclosed
Data Breach Settlements
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
What to Read Next
Subscribe to our weekly class actions newsletter.
.svg)