Devereux Foundation Hit by Ransomware Attack, Exposing Sensitive Data
The Devereux Foundation, a national behavioral health organization operating 14 centers across 13 states, disclosed a ransomware attack that compromised sensitive personal and financial data. The incident was detected on November 9, 2025, when suspicious activity was identified within the organization’s electronic systems.
The ransomware group The Gentlemen claimed responsibility, announcing on November 28, 2025, via the dark web that they had exfiltrated data and threatened to publish it. Exposed information includes names, demographic details, clinical records, and financial data, potentially affecting current and former employees, clients, donors, payors, and business partners.
Devereux, founded in 1912 and employing over 6,000 people, has not confirmed the full extent of the breach but acknowledged the risk to affected individuals. The law firm Shamis & Gentile P.A. is investigating potential class action litigation for those impacted, citing possible compensation for damages.
The breach underscores ongoing cybersecurity risks in the healthcare sector, where sensitive data remains a prime target for ransomware groups. Affected parties have been advised to monitor financial accounts and credit reports for signs of misuse.
Source: https://www.claimdepot.com/investigations/the-devereux-foundation-data-breach-2026
Devereux cybersecurity rating report: https://www.rankiteo.com/company/devereux
"id": "DEV1768259865",
"linkid": "devereux",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Current and former employees, '
'clients, donors, payors, and '
'business partners',
'industry': 'Behavioral Health',
'location': '13 states (U.S.)',
'name': 'The Devereux Foundation (Devereux Advanced '
'Behavioral Health)',
'size': '6,000+ employees',
'type': 'Nonprofit Organization'}],
'customer_advisories': 'Instructions for affected individuals to monitor '
'accounts, place fraud alerts, and enroll in credit '
'monitoring',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Demographic information',
'Clinical information',
'Financial information']},
'date_detected': '2025-11-09',
'date_publicly_disclosed': '2025-11-28',
'description': 'The Devereux Foundation discovered suspicious activity within '
'its electronic systems on November 9, 2025. A ransomware '
'group known as The Gentlemen claimed responsibility for the '
'attack, announcing on the dark web on November 28, 2025, that '
'they had obtained data from Devereux and intended to publish '
'it within days. Sensitive personally identifiable '
'information, including names, demographic information, '
'clinical information, and financial information, was exposed.',
'impact': {'data_compromised': 'Sensitive personally identifiable '
'information, including names, demographic '
'information, clinical information, and '
'financial information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing (class action lawsuit investigation)',
'ransomware': {'data_exfiltration': 'Yes'},
'recommendations': ['Monitor account statements and credit reports for '
'unauthorized activity',
'Obtain free annual credit reports from Equifax, '
'Experian, and TransUnion',
'Place a fraud alert or credit freeze on credit files',
'Enroll in complimentary credit monitoring services if '
'offered',
'Stay vigilant for 12 to 24 months due to long-term '
'identity theft risks'],
'references': [{'source': 'Shamis & Gentile P.A.'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit '
'investigation'},
'response': {'communication_strategy': 'Advisories to affected individuals, '
'instructions for credit monitoring '
'and fraud alerts'},
'threat_actor': 'The Gentlemen',
'title': 'The Devereux Foundation Data Breach',
'type': 'Ransomware'}