Human Development Services of Westchester has announced that they are the victim of a cyberattack.
On July 18th, 2025, Human Development Services of Westchester (HDSW), based out of New York, announced they have experienced a data breach. The organization also reported the breach to the Department of Health and Human Services (HHS), stating the breach impacted 501 individuals. This number is likely a placeholder that will be updated when additional information is released.
According to the breach notice, HDSW determined that the breach and suspicious activity were related to an employee's email account.
An investigation determined that unauthorized access had occurred in one employee’s email account between May 19th and May 20th, 2025. Upon discovery, HDSW contained the incident and began a review process to see what information may have been impacted. HDSW stated that the review is ongoing, but the employee likely had access to sensitive information, including healthcare data.
HDSW added, “We are currently reviewing our policies and procedures, as well as assessing new cybersecurity tools, to reduce the risk of a similar incident from occurring in the future.
HDSW provides significant assistance to those in need in the Westchester community, including stable housing, employment training, scholarships, and healthcare assistance. When organizations like this are attacked, it can hurt already vulnerable populations who may not be able to receive critical services in a timely manner. Moreover, HDSW is a non-profit organization, and funding towards cybersecurity may be limited. Data breaches linked to email are common, but easily avoided with proper training and tools. Paubox makes it easy to keep inboxes secure by offering the best spam-filtering services and automated encryption, meaning employees don’t have to constantly worry about their email security and can instead focus on helping their community.
Currently, HDSW has stated that the breach impacted 501 individuals. This number is likely a placeholder, as HDSW may still be finalizing numbers, but may have wanted to report the incident to the HHS to avoid any late penalties. The breach number will likely be updated and it’s possible, but not certain, that more information could also be released.
Many cybercrimes are crimes of opportunity, meaning that the size of the organization may not matter to attackers. However, small organizations, especially non-profits, may not necessarily have the funding or expertise to secure their digital environment, making them more prone to attack attempts. Breaches often happen randomly, so every organization should prioritize cybersecurity.