Data breach at Western Montana Mental Health Center exposes personal information of over 85,000 people

Western Montana Mental Health Center said a data security incident it suffered last year compromised the sensitive personal data of more than 85,000 individuals.

 

Based in Missoula, Montana, Western Montana Mental Health Center is a comprehensive behavioural healthcare provider, serving individuals and families facing mental health and substance use disorders.

 

In a data security incident notice published on its website, WMMHC said that on September 15, it experienced a network disruption. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“As a result of the investigation, it determined that certain files were accessed without authorisation. WMMHC then engaged a third- party data review team to conduct a comprehensive review of those files, and, on or about May 27, 2025, learned that personal and protected health information belonging to WMMHC was contained within the potentially affected data.” WMMHC said.

 

The compromised data included names, Social Security numbers, driver’s license numbers, dates of birth, state or federal identification numbers, medical information, financial account information, and health insurance information.

 

In a filing with the Office of Maine Attorney General, WMMHC said that it has identified at least 86,758 individuals impacted by the incident.

 

“As soon as WMMHC discovered this incident, it implemented measures to further enhance the security of its network environment and minimise the risk of a similar incident occurring in the future. WMMHC also notified the Federal Bureau of Investigation and will cooperate with any resulting investigation,” the healthcare provider added.

 

WMMHC has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered complimentary identity protection and credit monitoring services to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on WMMHC. The healthcare provider also did not share details on who was behind the attack, how much data was compromised, or whether it had received a ransom demand.