Ohio healthcare provider Maryhaven reports data breach affecting patient information

Maryhaven, a Columbus-based provider of residential and outpatient medical services, is reporting a data breach that exposed sensitive patient information.

The security breach was initially discovered on June 1, 2024, when Maryhaven detected unauthorized activity within its network systems. An investigation revealed that an unauthorized actor had gained access to the company's systems on May 30, 2024, and continued to acquire sensitive information until February 12, 2025 -  a breach period of over eight months. The compromised information includs:

• Contact information
• Dates of birth
• Driver's license numbers
• Medical diagnoses
• Social Security numbers
• Health insurance information

The nature of the attack and number of affected individuals has not been disclosed. It's unclear how the breach was first detected on 1st of June 2024, but the attack continued until February 2025.

Maryhaven has reported the incident to law enforcement, notified the Department of Health and Human Services Office of Civil Rights and issued a public notice due to difficulties in locating current addresses for all affected individuals.

Maryhaven is offering  free access to single bureau credit monitoring services through Cyberscout for individuals whose Social Security numbers were compromised. Individuals should contact 1-800-405-6108 if unsure whether their Social Security number was involved.

According to the company, there have been no reports of identity fraud related to this incident to date.