Healthcare and substance abuse treatment provider BayMark Health Services has started notifying patients that their personal information was stolen in a data breach resulting from a ransomware attack.

The Texas-based company runs one of the largest addiction treatment services in the US, operating roughly 200 facilities and over 380 programs in 35 states, and treating more than 70,000 patients every day.

This week, BayMark submitted data breach notices to Attorney General’s Offices in several states, including California and Vermont, revealing that it has started notifying patients of a data breach affecting their personal information.

“On January 8, 2025, we began mailing notification letters to certain patients whose information related to some of the services they received from the facilities was involved in an incident,” BayMark says in an incident notice on its website.

The data breach, the company says, was the result of a security incident “that disrupted the operations of some of our IT systems”.

BayMark’s investigation determined that, between September 24 and October 14, the attackers accessed some files on its systems, including files containing patient information such as names, dates of birth, driver’s license numbers, Social Security numbers, insurance information, and diagnosis and treatment information.

The company is providing the impacted individuals with one year of free identity protection and credit monitoring services, but has not shared information on how many people might have been affected.

“We are offering complimentary identity monitoring services to patients whose Social Security numbers or driver’s license numbers may have been involved. Additionally, it is always a good idea for patients to remain vigilant and review their statements for suspicious activity,” the company said.

While BayMark did not provide details on the disruptive attack, the Ransomhub ransomware group added the healthcare provider to its Tor-based leak site in October, claiming the theft of roughly 1.5 terabytes of data from its systems. The group has since made the allegedly stolen data publicly available.

SecurityWeek has emailed BayMark for additional information on the incident and on the number of impacted individuals and will update this article as soon as a reply arrives. 

Related: Ransomware Group Claims Theft of Personal, Financial Data From Krispy Kreme

Related: Cyberattack Disrupts Systems of Gambling Giant IGT

Related: New Mexico Agencies on Edge Amid Rising Ransomware Attacks

Related: Major Auto Parts Firm LKQ Hit by Cyberattack