Richmond Behavioral Health Authority (RBHA) in Virginia reported a significant data breach affecting over 113,000 individuals. On September 29, 2025, the organization experienced a ransomware attack that encrypted parts of its network. The breach exposed sensitive personal information, including names, Social Security numbers, passport numbers, and financial and health data. RBHA quickly identified the attack the following day and evicted the attackers. Though RBHA stated there is no definitive evidence that personal information was accessed, they are notifying affected individuals as a precaution. The organization advised those impacted to monitor their accounts for unusual activity. The Qilin ransomware group claimed responsibility for the attack in mid-October, publishing 192 gigabytes of alleged stolen data on their leak site, which includes over 393,000 files from RBHA.