RBHA Hit by Ransomware Attack, Exposing Sensitive Data of Over 113,000 Individuals
On September 29, 2025, Richmond Behavioral Health Authority (RBHA) suffered a ransomware attack that compromised the personally identifiable information (PII) and protected health information (PHI) of at least 113,232 individuals across the U.S. Malicious actors breached RBHA’s network, deploying ransomware that encrypted portions of the organization’s systems.
The intrusion was detected and contained the following day, September 30. While RBHA found no definitive evidence that the exposed data was accessed or misused, the organization could not rule out the possibility, prompting notifications to affected individuals as a precaution.
The breach exposed highly sensitive details, including full names, Social Security numbers, passport numbers, financial account information, and medical records. This combination of data heightens the risk of identity theft and fraud for those impacted.
RBHA reported the incident to the U.S. Department of Health and Human Services on November 28, 2025, and published a Notice of Data Breach on its website. Affected individuals were notified by mail.
In response, RBHA engaged internal IT teams and third-party cybersecurity experts to investigate the breach, secure its systems, and prevent further compromise. The organization has also set up a dedicated hotline (844-572-2716) for impacted individuals seeking assistance.
Source: https://www.claimdepot.com/data-breach/richmond-behavioral-health-authority-2025
Richmond Behavioral Health cybersecurity rating report: https://www.rankiteo.com/company/richmond-behavioral-health-authority
"id": "RIC1765994552",
"linkid": "richmond-behavioral-health-authority",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '113,232',
'industry': 'Healthcare',
'location': 'United States',
'name': 'Richmond Behavioral Health Authority (RBHA)',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Dedicated toll-free hotline (844-572-2716) for '
'affected individuals',
'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
'number_of_records_exposed': '113,232',
'personally_identifiable_information': ['Full name',
'Social Security '
'number',
'Passport number',
'Financial account '
'information',
'Medical information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally identifiable '
'information (PII)',
'Protected health information '
'(PHI)']},
'date_detected': '2025-09-30',
'date_publicly_disclosed': '2025-11-28',
'description': 'Richmond Behavioral Health Authority (RBHA) experienced a '
'significant data security incident that exposed personally '
'identifiable information (PII) and protected health '
'information (PHI) of at least 113,232 individuals in the '
'United States. Malicious actors gained unauthorized access to '
'RBHA’s network and deployed ransomware, encrypting portions '
'of the organization’s systems.',
'impact': {'data_compromised': 'Personally identifiable information (PII) and '
'protected health information (PHI)',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Portions of RBHA’s network'},
'investigation_status': 'Ongoing',
'ransomware': {'data_encryption': 'Yes'},
'recommendations': ['Monitor bank and credit card accounts for unauthorized '
'transactions',
'Obtain and review free credit reports from major credit '
'bureaus',
'Consider placing a fraud alert or credit freeze on '
'credit files',
'Watch for suspicious emails, phone calls, or mail '
'related to the breach'],
'references': [{'source': 'RBHA Notice of Data Breach'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA'],
'regulatory_notifications': ['Reported to U.S. '
'Department of Health '
'and Human Services']},
'response': {'communication_strategy': 'Notice of Data Breach on website, '
'mailed notifications to affected '
'individuals',
'containment_measures': 'Terminated unauthorized access',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Secured personal information and '
'protected network from further '
'compromise',
'third_party_assistance': 'Yes (cybersecurity experts)'},
'title': 'Richmond Behavioral Health Authority (RBHA) Data Security Incident',
'type': 'Ransomware Attack'}