MACT Health Board and Jefferson Blount St. Clair: Birmingham mental health authority warns 30,000+ people of data breach that leaked SSNs and medical info

Ransomware Attack on Alabama Mental Health Provider Exposes 30,000 Patients’ Data

The Jefferson Blount St. Clair (JBS) Mental Health Authority in Birmingham, Alabama, has disclosed a November 2025 ransomware attack affecting 30,434 individuals. The breach compromised sensitive personal and medical data, including names, Social Security numbers, health insurance details, dates of birth, diagnoses, treatment records, and Medicare/Medicaid information, spanning records from 2011 to 2025.

The ransomware group Medusa claimed responsibility on December 23, 2025, demanding a $200,000 ransom to destroy 168.6 GB of stolen data. The group posted sample documents as proof, though their authenticity remains unverified. JBS has not confirmed Medusa’s involvement, nor disclosed whether a ransom was paid or how the breach occurred. The organization’s notice to victims did not include offers of credit monitoring or identity theft protection.

Medusa, active since 2019 and operating a ransomware-as-a-service (RaaS) model, has increasingly targeted healthcare providers. In 2025 alone, the group claimed 35 confirmed attacks over half in the healthcare sector exposing 1.76 million individuals’ data. Healthcare victims faced an average ransom demand of $454,000.

The JBS incident is part of a broader surge in healthcare ransomware attacks in 2025. Comparitech researchers recorded 113 confirmed attacks on U.S. hospitals and clinics, compromising 8.9 million patients’ records. Other recent breaches include:

• Neurological Associates of Washington (13,500 victims, claimed by DragonForce)
• MACT Health Board (Rhysida demanded $662,000)
• Alpine Ear, Nose & Throat (65,648 victims, claimed by BianLian)

Such attacks disrupt critical systems, forcing providers to cancel appointments, divert patients, or revert to manual records, while exposing sensitive data to potential misuse.

JBS operates four mental health facilities across Jefferson, Blount, and St. Clair counties in Alabama. The full impact of the breach remains under investigation.

Source: https://www.comparitech.com/news/birmingham-mental-health-authority-warns-30000-people-of-data-breach-that-leaked-ssns-and-medical-info/

MACT Health Board, Inc. cybersecurity rating report: https://www.rankiteo.com/company/mact-health-board-inc.

Jbs Mental Health Authority cybersecurity rating report: https://www.rankiteo.com/company/jbs-mental-health-authority

"id": "MACJBS1770408307",
"linkid": "mact-health-board-inc., jbs-mental-health-authority",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '30,434',
                        'industry': 'Mental Health',
                        'location': 'Birmingham, Alabama, USA',
                        'name': 'Jefferson Blount St. Clair (JBS) Mental '
                                'Health Authority',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': 'Notice to victims (without credit monitoring or '
                        'identity theft protection offers)',
 'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
                 'data_exfiltration': '168.6 GB of stolen data',
                 'number_of_records_exposed': '30,434',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Social Security numbers',
                                              'Health insurance details',
                                              'Dates of birth',
                                              'Diagnoses',
                                              'Treatment records',
                                              'Medicare/Medicaid information']},
 'date_detected': '2025-11',
 'date_publicly_disclosed': '2025-12-23',
 'description': 'The Jefferson Blount St. Clair (JBS) Mental Health Authority '
                'in Birmingham, Alabama, disclosed a November 2025 ransomware '
                'attack affecting 30,434 individuals. The breach compromised '
                'sensitive personal and medical data, including names, Social '
                'Security numbers, health insurance details, dates of birth, '
                'diagnoses, treatment records, and Medicare/Medicaid '
                'information. The ransomware group Medusa claimed '
                'responsibility, demanding a $200,000 ransom to destroy 168.6 '
                'GB of stolen data.',
 'impact': {'data_compromised': "30,434 individuals' records",
            'identity_theft_risk': 'High',
            'operational_impact': 'Disruption of services, potential '
                                  'cancellation of appointments, diversion of '
                                  'patients, or reversion to manual records'},
 'investigation_status': 'Under investigation',
 'motivation': 'Financial gain',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransom_demanded': '$200,000',
                'ransomware_strain': 'Medusa'},
 'references': [{'source': 'Comparitech'}],
 'response': {'communication_strategy': 'Notice to victims (without credit '
                                        'monitoring or identity theft '
                                        'protection offers)'},
 'threat_actor': 'Medusa',
 'title': 'Ransomware Attack on Alabama Mental Health Provider Exposes 30,000 '
          'Patients’ Data',
 'type': 'Ransomware'}