HopeWay notifies patients of data breach

The non-profit mental health organization in Charlotte recently released a data breach notice on their website. 

What happened

According to their breach notification, published on May 16th, 2025, the HopeWay Foundation recently discovered a data security incident that impacted 3,523 patients. 

In their notification, HopeWay stated that the incident was linked to an employee email account. The suspicious activity was first discovered in November of 2024, but through an investigation, HopeWay determined that there was unauthorized access to six HopeWay Foundation email accounts between October 31st, 2024, and November 21st, 2024. 

HopeWay quickly conducted a review of the contents of the impacted email accounts. The review was completed on March 19th, 2025. For impacted patients, data may have included names, addresses, dates of birth, Social Security numbers, financial account information, health insurance information, and/or medical treatment and diagnosis information. 

What they’re saying

HopeWay has already begun notifying impacted individuals “out of an abundance of caution.” The organization said they take “this event and the security of information in its care very seriously” and are pleased to have immediately investigated and responded to the event. HopeWay also contacted the U.S. Department of Health and Human Services and any other appropriate governing bodies. 

HopeWay added that they are currently “unaware of any actual misuse of this information.” 

Why it matters

This breach, like many others, was the result of multiple employee emails being compromised. With increasingly sophisticated attackers, email is becoming more difficult to protect. Yet email still remains one of the most common modes of communication–from general questions to sending private or time-sensitive documents. 

Currently, nearly 74% of IT leaders are dissatisfied with email security platforms, but strong security platforms do exist. Paubox provides a secure email suite and email API designed to be integrated with existing email platforms, like Gmail. Paubox has never experienced a data breach and helps protect healthcare, financial, and educational organizations. 

FAQs

Why are emails targeted by attackers? 

Emails often contain a trove of sensitive data, including financial information, Social Security numbers, and more. This information can be extremely valuable on the black market. 

Do small breaches matter as much as big ones? 

While small breaches impact fewer individuals, they can still have a huge impact on those whose data was breached. A breach is often more detrimental if more data is collected on specific individuals because that means that when it is sold on the black market, it’s more likely that fraud can take place.