Willamette Family Data Breach Exposes Sensitive PII and PHI

Published
April 2, 2025
Updated
April 2, 2025
Willamette Family Data Breach Exposes Sensitive PII and PHI
Willamette Family Therapy
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

Willamette Family Therapy

data breach?

Join the Lawsuit

It's free to join. 

On September 12, 2024, Willamette Family became aware of unauthorized access to one of its email accounts. Upon further investigation, the organization discovered that additional email accounts had also been compromised, with the unauthorized activity potentially dating back to May 29, 2024.

The breach involved unauthorized individuals gaining access to sensitive information stored within these compromised email accounts. The types of personally identifiable information (PII) and protected health information (PHI) exposed include names, contact information, dates of birth, Social Security numbers, financial account information, medical record numbers, patient account numbers, medical provider names, clinical or treatment information, medical procedure details, health insurance information, and prescription information.

At this time, Willamette Family has not reported any known cases of fraud or identity theft resulting from this incident. However, due to the sensitive nature and broad scope of the information involved, affected individuals should remain vigilant and regularly monitor their financial and medical accounts for suspicious activity.

What happened?

On September 12, 2024, Willamette Family discovered unauthorized access to one of its employee email accounts. After investigating further, the organization determined that multiple email accounts had been compromised, with unauthorized access potentially starting as early as May 29, 2024.

The breach occurred when unauthorized individuals gained access to these email accounts, potentially viewing or extracting sensitive personal and medical information stored within emails and attachments. The exact method used to compromise these email accounts has not been publicly disclosed.

For more detailed information, you can review the official disclosure notice posted on the Vermont Attorney General's website.

Willamette Family's response

Following the discovery of the breach, Willamette Family immediately took steps to secure its systems. The organization promptly removed unauthorized access, changed passwords, and expanded the use of multi-factor authentication to prevent further unauthorized access.

Willamette Family engaged a leading privacy and data security firm to assist with the investigation and response. A forensic data analysis was conducted to determine the scope of information potentially impacted by the breach.

To assist those affected, Willamette Family has provided detailed guidance on how individuals can protect themselves from identity theft and fraud. The organization recommends that affected individuals remain vigilant by regularly monitoring their financial statements and credit reports for suspicious activity. Affected individuals can obtain free annual credit reports from AnnualCreditReport.com and may consider placing fraud alerts or security freezes on their credit files.

If you have questions or require additional assistance, Willamette Family has established a dedicated call center at (888) 686-4575, available Monday through Friday from 9:00 a.m. to 7:00 p.m. Eastern Standard Time.

For more information, you can visit the organization's official Notice of Data Incident.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Consumers Notification date
Date of Breach
Breach Discovered Date
Total People Affected
Information Types Exposed
  • name
  • contact information
  • date of birth
  • Social Security number
  • financial account information
  • clinical or treatment information
  • medical provider name
  • medical record number
  • patient account number
  • medical procedure information
  • health
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image