"On August 7, 2025, OCAT became aware of unauthorized activity within its network. Upon discovery of this incident, OCAT promptly initiated an investigation to determine the cause and scope of the unauthorized activity. The investigation found that certain patient information may have been accessed without authorization. Based on these findings, OCAT is notifying all patients whose information was impacted by the incident."
"On June 9, 2025, 10TV News reported that authorities were investigating a fraud and identity theft case involving a former Evoke employee. The employee allegedly misused his access as an employee to obtain patient information, which he then sold on the dark web to others who misused it, or misused it himself."
OCAT, LLC dba Evoke Wellness at Hilliard, an Ohio addiction treatment center, experienced a data breach involving 261 patients. A former employee who worked at the facility between November 2021 and July 2024 misused authorized access to obtain patient information and sold it on the dark web. The breach was discovered on October 10, 2024, when police found suspicious documents. However, the facility's breach notification submitted in February contained conflicting dates, claiming discovery on August 7, 2025, while referencing an incident from July 7, 2024. The notification letter failed to explain the significant delays between the actual breach occurrence, discovery, and formal notification to affected individuals.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]