Richmond Behavioral Health Authority reports ransomware attack exposing data of 113,000 people
Learn More
The Richmond Behavioral Health Authority (RBHA), a nonprofit mental health provider based in Virginia, reports a ransomware incident.
Hackers broke into the organization's network servers and deployed encryption software to lock down systems. RBHA staff detected the incident on September 30, 2025, and moved to cut off the attackers' connection to the network.
The Qilin ransomware group claimed responsibility for the breach by listing RBHA on its dark web leak site. RBHA reports that it found no definitive evidence that hackers viewed or misused the files but the group's typical tactics involve stealing data before starting the encryption process.
So it's very likely that the attackers stole data before encryption.
The incident exposed data of 113,232 individuals. The exposed data includes:
- Full names
- Social Security numbers
- Passport numbers
- Financial account information
- Health records and medical history
The organization started notifying all affected individuals to comply with federal disclosure laws and provide guidance on identity protection. RBHA suggests that victims consider placing fraud alerts or credit freezes on their accounts to mitigate the risk of identity theft. Affected individuals can contact RBHA at 844-572-2716, toll-free Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time (excluding major U.S. holidays).
