BayMark Health Services reports data breach

BayMark Health Services, North America's largest provider of substance use disorder (SUD) treatment and recovery services, is reporting a data breach affecting their patients.

The incident was discovered on October 11, 2024, following an IT systems disruption, with unauthorized access occurring between September 24 and October 14, 2024. BayMark took steps to secure their systems, launched an investigation with the assistance of third-party forensic experts, and notified law enforcement.

The breach has been claimed by the RansomHub ransomware gang (formerly known as Cyclops and Knight), which reportedly stole 1.5TB of data from BayMark's systems. The exposed data types include:

• Personal Information:
  • Names
  • Social Security numbers
  • Driver's license numbers
  • Dates of birth
• Healthcare Information:
  • Services received and dates of service
  • Insurance information
  • Treatment and diagnostic information
  • Treating provider details

The exact number of affected individuals has not been disclosed.

On January 8, 2025, BayMark Health Services sent out data breach letters to anyone who was affected by the recent data security incident. The organization is offering one year of free Equifax identity monitoring services to affected individuals whose Social Security or driver's license numbers were exposed.