Behavioral health and addiction treatment provider.
High Point Treatment Center, Inc., a major Massachusetts substance-use and behavioral-health provider, was hit by a cyberattack attributed to the Abyss ransomware group, which listed it on July 26, 2025 and claimed roughly 1.8 TB of data. The intrusion occurred around June 17-July 7, 2025 and was detected about July 6; notifications began July 29, 2025. Exposed data included names, Social Security numbers, dates of birth, contact details, and treatment/medical information. Reported counts vary (a DataBreach.com parse cites ~184,264 records; one AG filing cited 4,613 individuals for employment-related data), and the total affected count is not clearly confirmed. Substance-use treatment records carry heightened protection under 42 CFR Part 2.
ObscureIQ assessment: Extremely sensitive. Risks include identity theft and medical fraud, but also stigma-based targeting, extortion, reputational harm, and coercion tied to addiction treatment history.
Because appearing in High Point’s records signals a substance-use or behavioral-health treatment relationship, the exposure carries acute stigma, discrimination, and extortion risk on top of identity-theft harm from Social Security numbers and dates of birth. Substance-use records are federally protected under 42 CFR Part 2. The breach affects a vulnerable population, and the notification itself can be disruptive for people in active recovery.
High Point Treatment Center, Inc. (part of High Point & Affiliated Organizations) is a major Massachusetts nonprofit provider of substance-use disorder and behavioral-health treatment, operating detox, residential, and outpatient programs across locations including Brockton, New Bedford, and Plymouth. It maintains highly sensitive patient identity, clinical, insurance, and billing records, plus employee data.
Behavioral health and addiction treatment providers collect highly sensitive patient identity, contact, insurance, billing, and treatment-related records tied to substance use and mental health services.
The Abyss ransomware group listed High Point on its dark-web leak site on July 26, 2025, claiming roughly 1.8 TB of exfiltrated data. High Point detected unusual activity around July 6, 2025 (intrusion window ~June 17-July 7, 2025) and began mailing notifications on July 29, 2025. Reported counts vary (one AG filing cited ~4,613 individuals for employment-related data), and the total patient count is not clearly confirmed. Class-action investigations followed.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.
If you believe your information may be included:
High Point Treatment Center, Inc., a major Massachusetts substance-use and behavioral-health provider, was hit by a cyberattack attributed to the Abyss ransomware group, which listed it on July 26, 2025 and claimed roughly 1.8 TB of data. The intrusion occurred around June 17-July 7, 2025 and was…
Verified fields include Date of Birth, Email Address, Full Name, Medical Diagnosis, Phone Number, Physical Address, Social Security Number.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation