Oglethorpe, Inc. Confirms Data Breach Affecting Over 90,000 Individuals

Oglethorpe, Inc reported that in May, cyber criminals infiltrated its internal systems, compromising and gaining access to the personal information of both employees and patients.

 

Oglethorpe Inc. is a healthcare management company that owns and operates behavioral health and residential treatment hospitals, including several in Florida. The company provides management services to these facilities, which include psychiatric care, substance abuse treatment, and eating disorder therapy.

 

In a data security incident notice filed with the Office of Maine Attorney General, Oglethorpe said that on June 6, it identified unauthorised access within its internal network. The healthcare management company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected systems and notified relevant law enforcement authorities about the same.

 

“Our investigation which concluded on September 16, 2025, determined an unauthorised third party acquired certain individual personal information during this incident,” Oglethorpe said.

 

The compromised data included names, dates of birth, driver’s license numbers, Social Security numbers, and medical information. The filing with the Maine state regulator’s office also states that the healthcare management company has identified at least 92,332 individuals affected by the incident.

 

“We wiped and rebuilt affected systems and have taken steps to bolster our network security. We are also reviewing and altering our policies, procedures, and network security software relating to the security of our systems and servers, as well as how we store and manage data. Further, we notified the FBI and are fully cooperating with their investigation,” Oglethorpe added.

 

While the healthcare management company found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through TransUnion to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Oglethorpe, Inc. The healthcare management company also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.