A group of mental health and addiction recovery treatment centers in Tampa, FL, reported a security breach involving unauthorized access to patient information. Oglethorpe provides management services to health centers, wellness facilities, and specialized hospitals providing substance abuse treatment services, psychiatric services, and behavioral health guidance counseling. The centers are located in Florida, Ohio, and Louisiana.
Oglethorpe encountered a hacking incident in June 2025, and its systems became inaccessible for some time. Third-party cybersecurity specialists helped to control, inspect, and deal with the incident. The investigation showed that the hackers initially acquired access to its system on May 15, 2025, and managed to have access up to June 6, 2025. The investigation finished on September 16, 2025, and it confirmed the theft of files that contain patient data from its system. The analysis of the files was completed on October 23, 2025, and Oglethorpe discovered the exposure of data, including first and last names, Social Security numbers, birth dates, medical data, and driver’s license numbers.
Oglethorpe mentioned there was insufficient proof to confirm the improper use of the breached data; nevertheless, as a safety measure against fraud and identity theft, the impacted persons were given free single-bureau credit monitoring, credit report, and credit score services for a year.
As a result of the breach, Oglethorpe wiped all systems clean and recreated them. Data was recovered using backup copies. Extra steps were undertaken, including conducting HIPAA training to strengthen system security to avoid similar incidents later on. The breach is not yet posted on the HHS Office for Civil Rights portal; nonetheless, the Maine Attorney General was notified that the breach impacted 92,332 persons, which includes 85 Maine locals.
