Richmond Behavioral Health Authority Data Breach: SSNs Exposed
By Join The Case · Published December 18, 2025 · Updated December 18, 2025 · 6 min read
File Your Claim Now

Dapeer Law, P.A., a top-rated class action law firm, is investigating the Richmond Behavioral Health Authority data breach. If you received notice that your information was exposed during this breach, you may be entitled to compensation. It's free to join our investigation to see if we can help you recover.

See Featured Articles
Petco Data Breach Affects Subscriber Privacy Petco Data Breach Affects Subscriber Privacy Were you hired to help train AI models? Were you hired to help train AI models? Received a Parking Ticket Notice in the Mail from Parking Revenue Recovery Services? Received a Parking Ticket Notice in the Mail from Parking Revenue Recovery Services? The Washington Post Data Breach: SSNs Exposed The Washington Post Data Breach: SSNs Exposed Late-Night and Early-Morning Unwanted Text Messages Late-Night and Early-Morning Unwanted Text Messages

Richmond Behavioral Health Authority Data Breach Lawsuit Investigation

On December 17, 2025, Richmond Behavioral Health Authority (RBHA) filed a data-breach notice with the Massachusetts Attorney General after a ransomware attack compromised parts of its network. If you received a letter from RBHA, read on to understand what happened, what information may have been exposed, and how to protect your legal rights. Individuals seeking to pursue claims should act quickly to preserve evidence and deadlines.

Download Official Breach Notice (PDF)

Key Takeaways

  • Breach type: Ransomware with potential data access
  • Breach window: Malicious access began September 29, 2025; discovered September 30, 2025
  • Individuals affected: 29 (reported in Massachusetts)
  • Data involved: Names, Social Security numbers, passport numbers, credit/debit card data, driver’s license numbers, financial account details, and medical/health information
  • Status: Investigation ongoing; no misuse reported as of the notice date

Timeline of Events

September 29, 2025 — RBHA’s network was accessed by malicious actors and ransomware was deployed.

September 30, 2025 — RBHA discovered the intrusion, terminated access, and engaged third-party cybersecurity experts.

December 17, 2025 — RBHA reported the incident to the Massachusetts Attorney General and mailed notification letters to affected individuals.

What Personal Information Was Involved?

According to RBHA’s notice, the following data elements may have been viewed or acquired:

  • Full name or first initial and last name
  • Social Security number
  • Passport number
  • Driver’s license number
  • Financial account information
  • Credit/debit card numbers
  • Medical and other health information

Steps RBHA Has Taken

RBHA reports that it:

  • Immediately involved internal IT staff and outside cybersecurity specialists
  • Secured and isolated compromised systems
  • Continues to investigate the scope of the incident
  • Is implementing additional safeguards and reviewing data-privacy policies and procedures

Actions You Can Take Right Now

The notification letter’s “Additional Resources” section outlines protective measures including:

  • Placing a fraud alert or security freeze with major credit bureaus
  • Reviewing Federal Trade Commission guidance on identity-theft prevention
  • Monitoring financial and medical statements for unfamiliar activity

Legal Options and Potential Claims

Under state and federal laws, individuals affected by a data breach may seek monetary relief for out-of-pocket expenses, time lost, and potential future harm. Consultation with experienced counsel can clarify eligibility and next steps.

Company Overview

Website: rbha.org

Headquarters: 107 South Fifth Street, Richmond, VA, United States

Industry: Behavioral Health Services

Year Founded: 1996

Social: Facebook | Instagram | LinkedIn

Frequently Asked Questions

I received a data breach letter from Richmond Behavioral Health Authority — what should I do?

Review the letter carefully, follow RBHA’s recommended steps for fraud alerts or credit freezes, and document any suspicious activity. Consider consulting an attorney about potential claims.

What information did the Richmond Behavioral Health Authority breach expose?

The notice states that names, Social Security numbers, passport numbers, driver’s license numbers, credit/debit card numbers, financial account data, and medical information may have been involved.

How many people were affected by the Richmond Behavioral Health Authority breach?

RBHA reported 29 impacted individuals to the Massachusetts Attorney General.

How do I submit a claim related to the Richmond Behavioral Health Authority data breach?

Contact a qualified data-breach attorney with your notification letter and any evidence of fraud or identity theft to discuss eligibility and filing deadlines.

Did Richmond Behavioral Health Authority offer credit monitoring?

The December 17, 2025 notice does not mention complimentary credit-monitoring services.

How can I get the official breach notice (PDF) for Richmond Behavioral Health Authority?

The notice is available from the Massachusetts Attorney General’s website. Use the “Download Official Breach Notice (PDF)” button above.

Attorney Advertising. Prior results do not guarantee a similar outcome.

File Your Claim Now