Mount Rogers Community Services 2025 Data Breach
ObscureIQ Breach Intelligence
High SeverityWebsite / service breach
Mount Rogers Community Services Behavioral Health Provider Breach (2025): 14K Southwest Virginia Patient & Staff Records Including SSN Exposed via Ransomware
Community services provider for mental health, developmental disability, and substance use treatment.
Verified by ObscureIQ Intelligence
87/100Breach Risk Index
40Data Value
40Market Recency
207dSince Breach
Breach Intelligence Summary
Entity: Mount Rogers Community Services · Actor: INC Ransom · Sources: 2 references
Attack: Ransomware
Profile: Healthcare provider · Behavioral health and social services · Community care provider · USA
Timeline: Breach (2025-06-10) · Indexed (Oct 02, 2025) · Year (2025)
Exposure: 14K records · 5 fields: Email Address, Full Name, Phone Number, Physical Address, Social Security Number
Status: Reported
Executive Summary
Mount Rogers Community Services, a behavioral-health and substance-use-treatment provider in Southwest Virginia, suffered a ransomware attack between April 27 and April 29, 2025. The organization discovered the incident on April 29 and engaged outside cybersecurity experts to investigate. The INC Ransom ransomware group publicly claimed responsibility on June 10, 2025 by listing Mount Rogers on its dark-web leak site and posting sample documents to support the claim.\n\nThe breach affected approximately 38,000 patients and staff. Compromised information varied by individual but included demographic data such as names, Social Security numbers, addresses, dates of birth, and similar identifiers, alongside clinical information including diagnoses and conditions, medications, dates of service, and other treatment information. Billing and insurance records were also affected. INC Ransom samples published on the leak site reportedly included internal documents, salary records, invoices, and confidentiality agreements alongside personal data.\n\nFor affected individuals, the practical risk is unusually severe because of the combination of identity-fraud and behavioral-health stigma exposure. The pairing of name, address, date of birth, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset also confirms the existence of a behavioral-health, developmental-disability, or substance-use treatment relationship, which carries lasting risks of stigma, employment harm, and coercive scams targeting people in vulnerable circumstances. Substance-use treatment records are protected under federal regulation 42 CFR Part 2, which provides additional patient rights. Affected individuals should accept the credit monitoring offered by Mount Rogers, freeze credit at all three U.S. bureaus, monitor health-insurance statements, and contact the SAMHSA national helpline (1-800-662-HELP) or a legal aid service if they have questions about their rights under federal substance-use privacy law.
ObscureIQ assessment: Extremely sensitive. Exposure can drive identity theft and benefits fraud, but also stigma, coercion, reputational harm, and exploitation of people in vulnerable circumstances.
Breach Impact
Mount Rogers faces unusually serious institutional exposure given the populations it serves. Federal HIPAA notification obligations are compounded by 42 CFR Part 2, the federal regulation that gives substance use disorder treatment records stronger protection than standard HIPAA and creates additional pathways for civil action when those records are exposed. The Office for Civil Rights at the U.S. Department of Health and Human Services investigates such breaches as a matter of course. State attorney-general filings, ongoing class-action litigation discussions, and the burden of customer notification across patients, staff, and family members combine to create a substantial cost base. Reputational harm in a rural service area is particularly damaging because community services boards are often the only available behavioral health provider for affected residents.
About Mount Rogers Community Services
Mount Rogers Community Services (MRCS) is a not-for-profit community services board headquartered in Wytheville, Virginia, providing mental health, developmental disability, and substance use disorder treatment services across Southwest Virginia. The organization operates approximately ten clinic and program locations across counties including Wythe, Carroll, Smyth, Grayson, and Bland, alongside the City of Galax. As a community services board, MRCS holds an unusually sensitive set of records spanning behavioral health treatment notes, substance use disorder care histories protected under federal regulation 42 CFR Part 2, developmental disability case files, and the standard identity, billing, and insurance records typical of a HIPAA-covered healthcare provider.
Why They Hold Your Data
Behavioral health and social-service providers collect identity, treatment, counseling, benefits, and case-management records tied to mental health, recovery, and community support programs.
Recent Developments
Mount Rogers identified the ransomware incident on April 29, 2025 and immediately engaged outside cybersecurity specialists. The forensic investigation determined the intrusion began on or about April 27, 2025. The organization filed breach notifications with the Massachusetts Attorney General on June 13, 2025, the Vermont Attorney General on June 16, 2025, and notified affected individuals by mail on June 13, 2025. The INC Ransom ransomware group publicly claimed responsibility on June 10, 2025 by listing Mount Rogers on its dark-web leak site and posting sample documents. Mount Rogers is offering complimentary credit and identity monitoring through Kroll. Class-action investigations by U.S. plaintiff law firms have proceeded.
Data Points Exposed
5 verified field types
Email Address
Full Name High
Phone Number
Physical Address High
Social Security Number Critical
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:High
Primary downstream threats:
- Identity theft and synthetic identity construction using government-issued IDs
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat vectors:
- Phishing, credential stuffing & account takeover
- Name-based social engineering
- SIM swapping, vishing & SMS phishing
- Physical stalking, mail fraud & identity verification
- Home targeting, stalking & physical threat
- Full identity theft & synthetic identity fraud
Threat Actor: INC Ransom
INC Ransom
Ransomware
Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware.
Recommended Actions
If you believe your information may be included:
Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the Mount Rogers Community Services breach?▾
Mount Rogers Community Services, a behavioral-health and substance-use-treatment provider in Southwest Virginia, suffered a ransomware attack between April 27 and April 29, 2025. The organization discovered the incident on April 29 and engaged outside cybersecurity experts to investigate. The INC…
What data was exposed?▾
Verified fields include Email Address, Full Name, Phone Number, Physical Address, Social Security Number.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation