Somerset County Children and Youth Services Department Data Breach
Officials in Somerset County, Pennsylvania, have confirmed an email hacking incident affecting Children and Youth Services patients. Beech Acres Parenting Center in Cincinnati has notified more than 19,000 clients that their personal information was compromised in a November 2024 hacking incident.
Somerset County Children and Youth Services
Officials in Somerset County, Pennsylvania, have identified unauthorized access to the email accounts of certain employees of the Department of Children and Youth Services. Suspicious activity was identified in an employee’s email account on June 26, 2025. Third-party cybersecurity experts were engaged to investigate the activity and confirmed that multiple email accounts had been accessed by an unauthorized third party between June 26 and June 30, 2025.
Some of the emails and attachments in the compromised accounts contained patients’ protected health information. The data review confirmed that the affected individuals had some or all of the following exposed: name, date of birth, Social Security number, date(s) of service, information related to the services received, physician/facility information, medical condition/diagnosis, treatment information, health insurance information, and/or Medicare/Medicaid number. A small subset of individuals may also have had financial information exposed or information related to paternity tests.
Notification letters will be mailed to the 2,251 affected individuals when the review is completed, and complimentary credit monitoring services will be offered, where appropriate. County officials have confirmed that several steps have been taken in response to the incident, including changing email passwords, strengthening authentication requirements, providing further cybersecurity training for the workforce, communicating with staff about the risks from phishing emails, and enhancing email security procedures. Additional tools, training, and third-party monitoring partnerships are also being evaluated.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Beech Acres Parenting Center
Beech Acres Parenting Center, a provider of support services to parents and caregivers in the Greater Cincinnati area in Ohio, has started notifying 19,315 individuals about a November 2024 security incident. Unusual activity was identified within its network on November 24, 2024. Immediate action was taken to contain the incident and prevent further unauthorized access, and third-party cybersecurity experts were engaged to investigate the activity.
The forensic investigation confirmed unauthorized access to its network, and the threat actor may have viewed or acquired files containing sensitive information. The review of the affected files confirmed that the exposed data included the names of current and former clients in combination with one or more of the following: date of birth, Social Security number, driver’s license number, bank account and routing number, health insurance information, and medical or treatment information. The affected individuals were notified by mail on August 22, 2025.
