A public mental health authority in Birmingham, Alabama has notified more than 30,000 individuals that their personal and medical information may have been exposed in a data breach linked to a ransomware attack late last year.
The informed 30,434 people of the breach, according to a disclosure filed with the . The incident occurred in November 2025 and affected data collected over a period spanning more than a decade.
According to the notification sent to those affected, unauthorized access to the authority’s network was detected on or around November 25, 2025.
An internal investigation found that certain files may have been accessed or taken without authorization. The potentially exposed information includes names, Social Security numbers, dates of birth, health insurance details and extensive medical information.
The compromised medical data may include billing and claims records, diagnoses, physician information, medical record numbers, Medicare or Medicaid details, prescription data and treatment or diagnostic information.
The authority said the affected records relate to patients or employees dating back to 2011.
A ransomware group known as claimed responsibility for the attack in December 2025, demanding a ransom of $200,000 and threatening to publish 168.6 gigabytes of allegedly stolen data.
The group posted sample images online as proof of the breach. The mental health authority has not publicly confirmed Medusa’s claim and has not disclosed whether a ransom was paid.
The authority declined to comment on how attackers gained access to its systems. The breach notification does not mention any offer of free credit monitoring or identity theft protection for affected individuals.
Medusa has been active since 2019 and operates a ransomware-as-a-service model, in which affiliates use its tools to carry out attacks.
In 2025, the group claimed responsibility for dozens of confirmed ransomware incidents, many of them targeting healthcare providers. Those attacks exposed the personal data of more than 1.7 million people, according to publicly reported figures.
Healthcare organizations have been a frequent target of ransomware groups in the US. Researchers tracking cyber incidents reported more than 100 confirmed ransomware attacks on hospitals, clinics and care providers in 2025, compromising data belonging to millions of patients. Such attacks can disrupt clinical operations, force providers to revert to manual systems and raise risks to patient safety and privacy.
The Jefferson Blount St. Claire Mental Health Authority operates four mental health facilities serving Jefferson, Blount and St. Clair counties in Alabama.
