High Point Treatment Center 2025 Data Breach

High Point Treatment Center Addiction & Behavioral Health Provider Breach (2025): 184K Patient Records Including Medical Diagnosis & SSN Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

AbyssRansomware / ExtortionMedicalAddictionDate of BirthEmail AddressFull NameMedical DiagnosisPhone NumberPhysical Address
High SeverityWebsite / service breach

High Point Treatment Center Addiction & Behavioral Health Provider Breach (2025): 184K Patient Records Including Medical Diagnosis & SSN Exposed

Behavioral health and addiction treatment provider.

Verified by ObscureIQ Intelligence
87/100Breach Risk Index
60Data Value
40Market Recency
286dSince Breach

Breach Intelligence Summary

Entity: High Point Treatment Center · Actor: Abyss · Sources: 2 references
Attack: Ransomware / Extortion
Profile: Healthcare provider · Addiction treatment services · Behavioral health provider · USA
Timeline: Breach (2025-06-17) · Indexed (Sep 25, 2025) · Year (2025)
Exposure: 184K records · 7 fields: Date of Birth, Email Address, Full Name, Medical Diagnosis, Phone Number, Physical Address, Social Security Number
Status: Confirmed

Executive Summary

High Point Treatment Center, Inc., a major Massachusetts substance-use and behavioral-health provider, was hit by a cyberattack attributed to the Abyss ransomware group, which listed it on July 26, 2025 and claimed roughly 1.8 TB of data. The intrusion occurred around June 17-July 7, 2025 and was detected about July 6; notifications began July 29, 2025. Exposed data included names, Social Security numbers, dates of birth, contact details, and treatment/medical information. Reported counts vary (a DataBreach.com parse cites ~184,264 records; one AG filing cited 4,613 individuals for employment-related data), and the total affected count is not clearly confirmed. Substance-use treatment records carry heightened protection under 42 CFR Part 2.

ObscureIQ assessment: Extremely sensitive. Risks include identity theft and medical fraud, but also stigma-based targeting, extortion, reputational harm, and coercion tied to addiction treatment history.

Breach Impact

Because appearing in High Point’s records signals a substance-use or behavioral-health treatment relationship, the exposure carries acute stigma, discrimination, and extortion risk on top of identity-theft harm from Social Security numbers and dates of birth. Substance-use records are federally protected under 42 CFR Part 2. The breach affects a vulnerable population, and the notification itself can be disruptive for people in active recovery.

About High Point Treatment Center

High Point Treatment Center, Inc. (part of High Point & Affiliated Organizations) is a major Massachusetts nonprofit provider of substance-use disorder and behavioral-health treatment, operating detox, residential, and outpatient programs across locations including Brockton, New Bedford, and Plymouth. It maintains highly sensitive patient identity, clinical, insurance, and billing records, plus employee data.

Why They Hold Your Data

Behavioral health and addiction treatment providers collect highly sensitive patient identity, contact, insurance, billing, and treatment-related records tied to substance use and mental health services.

Recent Developments

The Abyss ransomware group listed High Point on its dark-web leak site on July 26, 2025, claiming roughly 1.8 TB of exfiltrated data. High Point detected unusual activity around July 6, 2025 (intrusion window ~June 17-July 7, 2025) and began mailing notifications on July 29, 2025. Reported counts vary (one AG filing cited ~4,613 individuals for employment-related data), and the total patient count is not clearly confirmed. Class-action investigations followed.

Data Points Exposed

7 verified field types
Date of Birth High
Email Address
Full Name High
Medical Diagnosis Critical
Phone Number
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Stigma-based targeting and coercion tied to substance-use/behavioral-health treatment
  • Identity theft and synthetic identity construction using SSN and DOB
  • Medical identity fraud and insurance abuse using treatment data
  • Targeted phishing and vishing referencing behavioral-health care
  • Doxxing and physical targeting from exposed home addresses
  • Discrimination risk (protected SUD records under 42 CFR Part 2)
Threat vectors:
  • Stigma-based targeting & coercion
  • Full identity theft & synthetic identity fraud
  • Medical extortion, insurance fraud & discrimination
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: Abyss

Abyss
Ransomware / Extortion

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the High Point Treatment Center breach?

High Point Treatment Center, Inc., a major Massachusetts substance-use and behavioral-health provider, was hit by a cyberattack attributed to the Abyss ransomware group, which listed it on July 26, 2025 and claimed roughly 1.8 TB of data. The intrusion occurred around June 17-July 7, 2025 and was…

What data was exposed?

Verified fields include Date of Birth, Email Address, Full Name, Medical Diagnosis, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation