Montana mental health clinic breach exposes patients’ medical info

Published: 20 July 2025
Last updated: 18 July 2025
Mental health hacker attack
Image by Cybernews.

What was thought to be a network disruption turned out to be a cyberattack exposing tens of thousands of Western Montana Mental Health Center (WMMHC) patients.

Attackers breached the Montana mental health clinic in September 2024, WMMHC told impacted individuals via a data breach notice. According to information that the healthcare org submitted to the Maine Attorney General’s Office, nearly 87,000 people were impacted by the attack.

WMMHC was alerted after its security team noticed a network disruption, which prompted the organization to immediately launch an investigation. After working with third-party cybersecurity experts, the clinic learned that attackers had accessed some sensitive details stored on its systems.

ADVERTISEMENT
Gintaras Radauskas Stefanie Paulina Okunyte Marcus Walsh profile
Get our latest stories today on Google News
Google News Follow us

WMMHC’s notice shared on its website indicates that cybercrooks may have accessed:

  • Social Security numbers
  • Driver’s license numbers
  • Dates of birth
  • State or federal ID numbers
  • Medical information
  • Financial account information
  • Health insurance information

“Of note, not all information was involved for all individuals, and WMMHC has no evidence of the misuse, or attempted misuse, of any potentially affected data,“ the clinic’s breach notice said.

However, at least in theory, malicious actors could try to exploit the stolen details for identity theft, insurance fraud, and blackmail. Moreover, cybercriminals seek medical details because they enable them to commit insurance fraud and submit fraudulent claims for prescription drugs.

Another area of risk is targeted phishing campaigns, in which threat actors impersonate doctors and other medical professionals and demand that patients reveal sensitive information or peddle malware.

Has my data been leaked?
Check Now

Exposed individuals may face an elevated risk of identity theft, one of the most common and devastating cybercrimes. What makes matters worse is that the crime is often noticed only after the victim’s financial or digital presence has been compromised.

ADVERTISEMENT

According to the Federal Trade Commission, in 2024, there were over 1.1 million reports of identity theft, with credit card misuse being the most common form. Separately, the FTC received approximately 2.6 million reports of fraud. Victims of identity theft alone lost millions of dollars over the course of the year.

Another risk that users face is phishing attacks. Attackers may use exposed data for tailor-made phishing campaigns that focus on transportation industry workers, attempting to lure more personal details. The FBI reported that potential losses exceeded $12.5 billion from various internet crimes, with phishing being a significant contributor​.

While cybercriminals often target healthcare organizations, they don’t shy away from mental health clinics, which often house troves of sensitive details. For example, recently, threat actors have breached the Georgia-based Mental Health Association (MHA).

Share
Post
Share
Share
Share
More from Cybernews
By participating in this viral trend, you help train AI where it struggles the most
Windows hibernation may contribute to SSD wear as storage costs rise
UFO skeptic Michael Shermer apologizes to David Grusch
Man tries to make a sale on Facebook Marketplace, gets scammed out of $300 via Zelle
Critical FFmpeg flaw discovered: just watching a video can fully compromise your system
The world's top intelligence alliance: AI could supercharge cyberattacks within months
ADVERTISEMENT