Counseling Center of Wayne and Holmes Counties Suffers Major Data Breach Affecting 83,354 Individuals
A significant data breach at the Counseling Center of Wayne and Holmes Counties, a nonprofit mental health provider based in Wooster, Ohio, has exposed sensitive personal and medical information of 83,354 individuals across the U.S. The incident, discovered on March 3, 2025, stemmed from unauthorized access to one of the center’s servers the prior day.
The breach was first detected after a third-party service provider reported system disruptions. An internal investigation revealed that an unauthorized entity accessed and exfiltrated data on March 2–3, 2025. The center responded by containing the breach, resetting credentials, and engaging cybersecurity experts to assess the scope of the compromise.
After a nine-month investigation, the center concluded its analysis on December 9, 2025, and began notifying affected individuals via written notices on February 9, 2026. The Maine Attorney General’s office was also notified, as two state residents were impacted.
Exposed data includes:
- Names, dates of birth, and Social Security numbers
- Driver’s license or state ID numbers
- Health insurance details and medical conditions
- Treatment provider names, medical record numbers, and diagnosis/treatment information
- Cost details related to medical care
The Counseling Center, founded in 1953, provides mental health services including counseling, crisis intervention, and telehealth to children, adults, and families in Wayne and Holmes counties. The breach has prompted legal action, with law firm Shamis & Gentile P.A. investigating potential compensation claims for affected individuals.
Source: https://www.claimdepot.com/investigations/counseling-center-of-wayne-and-holmes-data-breach-2026
OneEighty, Inc. cybersecurity rating report: https://www.rankiteo.com/company/oneeighty-inc.
"id": "ONE1770753425",
"linkid": "oneeighty-inc.",
"type": "Breach",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '83,354',
'industry': 'Healthcare (Mental Health Services)',
'location': 'Wooster, Ohio, USA',
'name': 'Counseling Center of Wayne and Holmes '
'Counties',
'type': 'Nonprofit Organization'}],
'attack_vector': 'Unauthorized Access',
'customer_advisories': 'Written notices sent to affected individuals on '
'February 9, 2026',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '83,354',
'personally_identifiable_information': 'Names, dates of '
'birth, Social '
'Security numbers, '
'driver’s '
'license/state ID '
'numbers, health '
'insurance details, '
'medical conditions, '
'treatment provider '
'names, medical record '
'numbers, '
'diagnosis/treatment '
'information, cost '
'details related to '
'medical care',
'sensitivity_of_data': 'High (SSNs, medical records, '
'insurance details)',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-03-03',
'date_publicly_disclosed': '2026-02-09',
'date_resolved': '2025-12-09',
'description': 'A significant data breach at the Counseling Center of Wayne '
'and Holmes Counties, a nonprofit mental health provider, '
'exposed sensitive personal and medical information of 83,354 '
'individuals across the U.S. due to unauthorized access to one '
'of the center’s servers.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'legal action and breach disclosure',
'data_compromised': 'Sensitive personal and medical information',
'identity_theft_risk': 'High (exposure of SSNs, driver’s licenses, '
'and medical records)',
'legal_liabilities': 'Potential compensation claims under '
'investigation',
'operational_impact': 'System disruptions reported by a '
'third-party service provider',
'systems_affected': 'Server'},
'investigation_status': 'Completed',
'post_incident_analysis': {'corrective_actions': 'Credential resets, '
'containment measures, and '
'engagement of cybersecurity '
'experts',
'root_causes': 'Unauthorized access to server'},
'references': [{'source': 'Maine Attorney General’s office'}],
'regulatory_compliance': {'legal_actions': 'Potential compensation claims '
'under investigation by Shamis & '
'Gentile P.A.',
'regulations_violated': ['HIPAA (potential)'],
'regulatory_notifications': 'Maine Attorney '
'General’s office '
'notified'},
'response': {'communication_strategy': 'Written notices to affected '
'individuals, notification to Maine '
'Attorney General’s office',
'containment_measures': 'Server access contained, credentials '
'reset',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Investigation and data breach analysis',
'third_party_assistance': 'Cybersecurity experts engaged'},
'title': 'Counseling Center of Wayne and Holmes Counties Data Breach',
'type': 'Data Breach'}