What happened in the Oglethorpe Data Breach?
On October 31, 2025, the Florida-headquartered firm, Oglethorpe Inc., reported to the Maine Attorney General that its data had been breached in June 2025. The organization provides management services for health centers, wellness clinics, and hospitals that provide psychiatric services in three states. More than 92,000 patients’ personal information was breached, including names, birth dates, SSNs, driver’s license numbers, and medical data. The data compromise was discovered on June 6, 2025. Oglethorpe has stated there is no evidence of the use of the information.
What were the Indicators of Compromise (IoCs)?
The attack on Oglethorpe's network happened on June 6. However, it was initiated on May 15, 2025, and the attackers had persistent access until the breach was detected.
What were the Actions Taken in the Data Breach?
The forensic investigation was performed by external investigators and completed on September 16, 2025. The FBI was notified early on and is continuing its own investigation. Oglethorpe has reset all compromised devices and rebuilt their network. They have also been evaluating and modifying all policies and procedures related to their systems, servers, and data storage practices to improve security and attempt to prevent these types of events in the future. The company has also sent all affected patients a letter to inform them of the breach.
What are Some Steps to Prevent this Type of Data Breach?
Oglethorpe has not released any details on how the attack was executed, but some fundamental security practices could have prevented the attack from occurring entirely.
Because the attackers exploited a vulnerability, one must have existed. Performing both regular penetration testing and risk assessments would have identified the vulnerability, giving the company’s security teams time to respond and close the avenue for attack. Penetration tests simulate real-world attack scenarios. With their help, security teams can discover exploitable vulnerabilities before malicious actors do, implement the needed security measures, and provide leadership with objective data to prioritize investments and direct the budget towards what matters most.
Employees are the first line of defense and are often the targets of attacks. Cybersecurity awareness training and simulated phishing campaigns are two great ways to increase staff security and keep employees alert to potential security threats. Targeted simulated phishing campaigns reinforce awareness and help identify more vulnerable users who could be prioritized for further support and follow-up.
If a user’s credentials are compromised, role-based access controls (RBAC) that enforce the principle of least privilege (PoLP) limit that account's access to just what is necessary. This can help prevent privilege escalation and lateral movement in the network.
Frequently Asked Questions (FAQs) on Cybersecurity for Healthcare Organizations
What are the top threats facing the healthcare industry?
Top Cyber Threats in Healthcare
Where can I find a guide to HIPAA and Healthcare Organizations’ Acronyms?
Read a glossary of HIPAA and healthcare acronyms.
What are the recent healthcare data breaches and news on cybersecurity?
You can read articles in our healthcare insights section.
What are cybersecurity services that can help protect healthcare organizations’ data and assets?
- HIPAA Compliance, Risk Assessment, Risk Treatment, Risk Program
- Penetration Testing, Offensive Security, Red Teaming
- External Attack Surface Management (EASM) – CTEM
- Security Awareness Training
Where can I get Security Awareness Resources to keep our Teams Alert on Potential Security Threats?

