Oglethorpe, Inc., a Tampa-based private healthcare management company specializing in behavioral health, addiction recovery, and psychiatric treatment, suffered a cyberattack in June 2025 resulting in unauthorized access to its internal systems. The breach exposed sensitive personally identifiable information (PII) of 92,332 individuals, including current and former patients across multiple states (Florida, Pennsylvania, Ohio, Louisiana, Texas). Compromised data included full names, dates of birth, driver’s license numbers, Social Security numbers, and medical records. The incident was investigated until September 16, 2025, with notifications sent to affected individuals by October 31, 2025. The breach was also reported to the Maine Attorney General’s office. Oglethorpe offered 12 months of free credit monitoring via TransUnion Cyberscout to mitigate risks like identity theft and fraud. Legal firms, including Shamis & Gentile P.A., are investigating potential compensation claims for victims, citing significant harm due to the exposure of highly sensitive health and financial data.
Source: https://www.claimdepot.com/investigations/oglethorpe-inc-data-breach-2025
TPRM report: https://www.rankiteo.com/company/oglethorpe-inc
"id": "ogl5492554110325",
"linkid": "oglethorpe-inc",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '92,332 individuals',
'industry': 'Healthcare Management (Behavioral Health, '
'Addiction Recovery, Psychiatric '
'Treatment)',
'location': 'Tampa, Florida, USA (operations in '
'Florida, Pennsylvania, Ohio, Louisiana, '
'Texas)',
'name': 'Oglethorpe, Inc.',
'type': 'Private Company'}],
'customer_advisories': ['Credit monitoring enrollment instructions',
'Steps to protect against identity theft (fraud '
'alerts, credit reports)',
'Legal rights and compensation eligibility'],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '92,332',
'personally_identifiable_information': ['Full name',
'Date of birth',
'Driver’s license '
'number',
'Social Security '
'number',
'Medical records'],
'sensitivity_of_data': 'High (includes SSN, medical data, '
'driver’s license numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-06',
'date_publicly_disclosed': '2025-10-31',
'date_resolved': '2025-09-16',
'description': 'Oglethorpe, Inc., a private healthcare management company, '
'experienced a cyberattack in June 2025 involving unauthorized '
'access to its internal systems. The breach compromised '
'sensitive personally identifiable information (PII) of 92,332 '
'current and former patients across multiple states. The '
'exposed data included names, dates of birth, driver’s license '
'numbers, Social Security numbers, and medical information. '
'The company completed its investigation on Sept. 16, 2025, '
'and began notifying affected individuals on Oct. 31, 2025. '
'Credit monitoring services were offered to victims, and the '
"incident was reported to the Maine Attorney General's office.",
'impact': {'brand_reputation_impact': 'Potential harm due to exposure of '
'sensitive PII; legal investigations '
'ongoing',
'data_compromised': ['First and last name',
'Date of birth',
'Driver’s license number',
'Social Security number',
'Medical information'],
'identity_theft_risk': 'High (SSN, driver’s license, and medical '
'data exposed)',
'legal_liabilities': 'Potential lawsuits and compensation claims',
'systems_affected': ['Internal systems']},
'investigation_status': 'Completed (as of Sept. 16, 2025)',
'recommendations': ['Enroll in offered credit monitoring (TransUnion '
'Cyberscout)',
'Monitor financial statements for suspicious activity',
'Place a fraud alert on credit reports',
'Request free annual credit reports from major bureaus',
'Seek legal counsel for potential compensation'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'source': 'Oglethorpe, Inc. Notice of Data Security Incident'},
{'date_accessed': '2025-10-31',
'source': "Maine Attorney General's Office Disclosure"}],
'regulatory_compliance': {'legal_actions': 'Under investigation (potential '
'class-action lawsuits)',
'regulatory_notifications': 'Maine Attorney '
"General's office "
'(notified Oct. 31, '
'2025)'},
'response': {'communication_strategy': 'Mail notifications (sent Oct. 31, '
'2025), website notice, disclosure to '
'Maine Attorney General',
'incident_response_plan_activated': 'Yes (investigation '
'completed by Sept. 16, '
'2025)',
'recovery_measures': 'Offered 12 months of free TransUnion '
'Cyberscout single-bureau credit monitoring '
'to affected individuals'},
'stakeholder_advisories': 'Mail notifications to affected individuals; '
'website notice',
'title': 'Oglethorpe, Inc. Data Breach (2025)',
'type': 'Data Breach / Unauthorized Access'}