Bradford Health Services reports data breach exposing sensitive patient and employee information
Learn More
Bradford Health Services, an addiction treatment provider operating across the southeastern United States, is reporting a significant data security incident that potentially compromised the personal and protected health information of current and former employees and patients.
The Birmingham, Alabama-based healthcare organization, which has been providing addiction treatment services for over 40 years, announced the breach through written notifications sent to affected individuals on May 30, 2025.
The incident was first detected on December 8, 2023. After discovering suspicious activity on their network, Bradford Health started an investigation with the assistance of third-party cybersecurity specialists. The investigation determined that certain files stored on the company's network systems may have been accessed and acquired without authorization by unknown threat actors.
The investigation took almost 1.5 years, concluding on May 15, 2025. The exposed data includes:
- Names
- Driver's license numbers
- Dates of birth
- Medical information (including diagnosis and treatment information, physician names, and Medical Record numbers)
- Health insurance information
- Financial account numbers
- Passport numbers
- Payment card numbers plus means of access to accounts
- Social Security numbers
The nature of the attack and the number of affected individuals has not been disclosed. The company only specified that the incident potentially impacted "certain current and former employees and patients".
It's not clear whether Bradford Health has notified the affected individuals and whether they are offering credit monitoring and identity theft protection services to the impacted people.
