DataBreaches.net has found 2 behavioral health entities that reportedly or allegedly experienced recent cyberattacks involving protected health information of patients. The first, Behavioral health Partners of Metrowest (BHPMW), describes itself as a partnership that brings together leading social services and behavioral health agencies service the Greater MetroWest region of Massachusetts. Together, they write, Family Continuity, Advocates, south Middlesex Opportunity Council (SMOC), Spectrum Health Systems, and Wayside youth & Family livelihood Network supply services in mental health, substance use and addiction, housing, and social sustenance for people of all ages. Between sep 14, 2021 and September 18, 2021, BHPMW’s systems was accessed by an unknown party. The breach was first discovered on October 1, 2021. The types of info involved include name, social Security Number, engagement of birth, medical information, health insurance information, and other information. The describe to the maine Attorney General’s office indicates that 11,288 people were affected. Letters to those affected were mailed on may 11,2022. Allwell Behavioral health Services is a private, not-for-profit provider of comprehensive community mental health services in Ohio. Data that appear to be theirs has been leaked on a dark web leak site by individuals who exact to have 200 gigabyte of Allwell’s files. The data listed on the leak site is April 4, 2022, but it is not crystalise whether that refers to the date the system was attacked or the date the organization was added to the leak site. Inspection of some of the files in the data leak reveal some personnel information as well as patients’ protected health info such as name, appointment of birth, phone number, prescription information, medical conditions, and health insurance information. There is nothing on Allwell’s website at the time of this publication, and Allwell has not responded to emailed inquiry sent yesterday by the time of this publication. The leak site does not appear to make posted any middleman information for the blog itself that would enable DataBreaches to require it some questions about the claimed incident.