JBS Mental Health Authority Ransomware Attack Impacts 30,000 Individuals

JBS Mental Health Authority, a healthcare provider in Alabama, reports a data breach after a ransomware attack on November 25, 2025. The incident impacted over 30,000 people. 

An attacker breached JBS network infrastructure, apparently stole data and used ransomware to encrypt systems and disrupt access to data. The investigation confirmed the exposed files contained data of patients and employees from 2011 through 2025. The compromised data includes:

• Full names and dates of birth
• Social Security numbers
• Medical diagnoses and treatment information
• Prescription and medication details
• Health insurance and Medicare/Medicaid information
• Medical record numbers and physician names
• Billing and claims information

JBS isolated affected systems and rebuilt them. The organization is affected individuals. Law enforcement and regulators have been notified. It's not clear whether the organization will offer complimentary identity protection and credit monitoring services.