Mental Health Association Inc. Confirms Data Breach

Published
April 1, 2025
Updated
April 1, 2025
Mental Health Association Inc. Confirms Data Breach
Mental Health Association
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

Mental Health Association

data breach?

Join the Lawsuit

It's free to join. 

On December 2, 2024, Mental Health Association Inc. ("MHA") discovered that its systems had potentially been compromised by an unauthorized actor. Upon discovering this incident, MHA immediately collaborated with their Managed Service Provider (MSP) to secure their systems. Additionally, MHA engaged a specialized third-party cybersecurity firm to conduct a forensic investigation into their network environment to determine the exact nature and scope of the breach.

Currently, the forensic investigation is still ongoing, and MHA is in the process of analyzing the results. At this point, it is unclear exactly how many individuals were affected and precisely what types of information were exposed. However, MHA has confirmed that the breach may have resulted in unauthorized access to sensitive consumer data.

Once the forensic investigation is complete, MHA will identify all affected individuals and the specific types of personal information involved. Formal notification letters will then be mailed directly to those impacted.

As of April 1, 2025, MHA has not received any reports of identity theft or fraudulent misuse of personal information linked to this incident. However, given the nature of MHA's services, it is possible that both personally identifiable information (PII) and protected health information (PHI) could have been exposed.

PII typically includes names, addresses, Social Security numbers, dates of birth, and other identifying details. PHI may involve medical history, treatment information, insurance details, and other sensitive health-related data.

Mental Health Association's Response

Since discovering the breach, MHA has taken several actions to mitigate further risk and protect consumer information. First, MHA disconnected all access to their network and worked diligently to restore operations in a secure manner. They have also enhanced their security measures to prevent similar breaches from occurring in the future.

To assist potentially affected individuals, MHA has provided detailed guidance on how to protect against identity theft and fraud. They recommend that consumers regularly review account statements, monitor credit reports, and remain vigilant for suspicious activity. Additionally, MHA has provided comprehensive resources and instructions for placing fraud alerts or credit freezes on credit files.

If you believe you may have been affected by this breach, MHA suggests contacting your financial institution and the major credit bureaus to inform them of the incident. You can request a free credit report by visiting AnnualCreditReport.com. For more detailed information about this incident, MHA has published a Preliminary Substitute Notice on their website.

MHA has established a dedicated toll-free phone line for individuals who have questions or concerns about the breach. Consumers can call 888-802-9364 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Standard Time (excluding U.S. national holidays).

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Consumers Notification date
Date of Breach
Breach Discovered Date
December 2, 2024
Total People Affected
Information Types Exposed
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image