Harbor Mental Health Services reports data breach exposing patient and employee data
Learn More
Harbor, a mental health and substance use disorder treatment provider based in Toledo, Ohio, is reporting a data breach that potentially exposed personal and protected health information of patients and employees.
The organization detected the security incident in early August 2025. The investigation determined that an unauthorized person accessed and took files from the network between July 25 and August 1, 2025. The organization notified law enforcement of the incident and engaged cybersecurity experts to assist with the investigation and response.
The exposed information includes:
- Names
- Addresses
- Dates of birth
- Social Security numbers
- Driver's license numbers or other state identification numbers
- Medical diagnosis and treatment information
- Clinical information
- Financial account information
- Health insurance information
The nature of the attack and number of affected individuals has not been disclosed by Harbor.
On September 30, 2025, Harbor began sending notification letters to affected individuals for whom the organization has current mailing addresses. The organization also informed patients, employees, and board members about the data breach.
Harbor has established a dedicated hotline at 855-291-2669 for affected individuals with questions about the incident. The hotline is available Monday through Friday from 9 a.m. to 9 p.m.
