Devereux Foundation Discloses Data Breach Following Ransomware Attack

On Nov. 9, 2025, The Devereux Foundation, a national behavioral healthcare nonprofit, discovered suspicious activity within its electronic systems. Devereux took steps to isolate the affected systems and launched an investigation with the help of third-party cybersecurity specialists.

The ransomware group known as The Gentlemen claimed responsibility for the attack, announcing on a dark web forum on Nov. 28, 2025, that they had obtained sensitive organizational data and intended to publish it within nine to 10 days unless their demands were met.

The exact number of affected individuals has not yet been disclosed, as the investigation is ongoing. However, Devereux has acknowledged that information related to current and former employees, clients, donors, payors and business partners may be involved.

According to the data breach notice on Devereux’s website, the types of information potentially exposed include names, demographic details, clinical information and financial information.

The severity of the breach is heightened by the nature of the attack. Ransomware incidents often involve not only the encryption of internal data but also the theft and threatened publication of sensitive records. The Gentlemen group’s claim to have exfiltrated Devereux’s data and their intent to publish it on the dark web underscores the seriousness of the event. For more details, readers can review the .

The Devereux Foundation's response

In response to the incident, Devereux acted quickly to contain the threat by isolating affected systems and engaging third-party cybersecurity experts to assist with the investigation and restoration of services. The organization has prioritized the security and operability of its network and data, working to securely restore full functionality as soon as possible.

Devereux is notifying individuals whose information may have been involved and is providing complimentary credit monitoring services to those affected. The organization encourages all potentially impacted individuals to remain vigilant by reviewing account statements and monitoring credit reports for any unauthorized or suspicious activity over the next 12 to 24 months. Steps for protecting personal information, such as placing fraud alerts or credit freezes with the major credit bureaus, are outlined in the official notice.

If individuals have questions or need assistance, Devereux has set up a dedicated call center at 855-403-1821, available Monday through Friday from 9 a.m. to 9 p.m. ET, excluding U.S. holidays.