North Central Behavioral Health Systems reports major email breach
Caitlin Anthoney March 10, 2026
On February 3, 2026, North Central Behavioral Health Systems (NCBHS), an Illinois-based behavioral health provider, disclosed a data breach involving unauthorized access to an employee email account that may have exposed sensitive personal information belonging to an undetermined number of individuals.
What happened
North Central Behavioral Health Systems (NCBHS), a behavioral health clinic headquartered in LaSalle, Illinois, announced that it experienced a data breach involving unauthorized access to one of its email accounts. According to a notice posted on the organization’s website, NCBHS discovered suspicious activity in an email account on or around December 2, 2025.
Following the discovery, NCBHS launched an investigation and confirmed that sensitive personal information contained within the affected email account may have been accessed by an unauthorized third party.
NCBHS is currently reviewing the contents of the compromised emails to determine what specific information may have been exposed and which individuals were affected. As of March 9, 2026, the organization has not publicly disclosed the exact types of personal information involved. Affected individuals will receive notifications outlining the information impacted and will be offered complimentary credit monitoring services.
What was said
In the breach notice posted on its website, NCBHS stated, “We want to assure you that we are taking steps to minimize the risk of this happening in the future. Since the incident, we have changed system and user passwords and instituted additional email controls.”
“Letters will be mailed as soon as possible to impacted individuals for whom North Central has addresses, which contain more information about the incident, complimentary credit monitoring and identity protection services, and steps individuals can take to protect themselves. We have no evidence that any of the information impacted by this incident has been misused, but we wanted to make you aware of this out of an abundance of caution.”
Furthermore, the organization encourages individuals “to remain vigilant against incidents of identity theft by reviewing bank accounts and other financial statements. You can also visit the Federal Trade Commission’s website for more information on protecting your identity at consumer.ftc.gov/identity-theft-and-onlinesecurity.”
By the numbers
- North Central Behavioral Health Systems (NCBHS) has been providing behavioral health services for over 40 years.
- 50,000+ patients served over the organization’s history.
- 7,200 patients NCBHS serves annually.
- The organization operates 8 facilities across Illinois.
- NCBHS employs over 50 individuals.
In the know
Email is the single largest cybersecurity vulnerability in the healthcare sector and is often the primary entry point attackers use to access sensitive patient data, including protected health information (PHI).
In 2025 alone, 170 email-related breaches were reported to the HHS Office for Civil Rights. Many of these breaches begin with phishing attacks, which account for over 70% of healthcare data breaches. In these incidents, attackers send deceptive emails to trick employees into revealing login credentials, allowing hackers to take over mailboxes and access patient information like billing data, referrals, and lab results.
Other tactics include spoofing and impersonation, where attackers forge email headers to make messages appear to come from trusted executives, vendors, or IT staff. Third-party vendors also create risk, with 28% of email-related breaches in 2025 involving business associates whose compromised accounts exposed healthcare partners.
Malware and ransomware distributed through email attachments or links have also increased, with ransomware attacks on healthcare up 264% since 2018. Many of these incidents result from technical gaps, including weak email authentication practices and reliance on opportunistic encryption, which can revert to unencrypted transmission if a receiving server does not support secure connections.
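The two technical gaps named above, failed sender authentication and hops that fell back to unencrypted SMTP, both leave traces in message headers; the following is an added example (not from NCBHS, Paubox, or the cited report) that flags them in a received message. The sample messages, domains and addresses are constructed, and only headers written by your own receiving servers should be trusted, since earlier ones are sender-controlled.

```python
import re
from email import message_from_string

# Received "with" keywords (RFC 3848) for hops that did NOT negotiate TLS;
# the TLS-protected forms end in S or SA (ESMTPS, ESMTPSA).
CLEAR_PROTOCOLS = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA"}

def strip_comments(value):
    """Remove nested (...) comments, e.g. '(using TLSv1.3 with cipher ...)'."""
    value, prev = " ".join(value.split()), None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def plaintext_hops(msg):
    """Names of receiving servers that recorded an unencrypted SMTP hop."""
    hops = []
    for received in msg.get_all("Received", []):
        flat = strip_comments(received)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", flat)
        by = re.search(r"\bby\s+(\S+)", flat)
        if proto and proto.group(1).upper() in CLEAR_PROTOCOLS:
            hops.append(by.group(1) if by else "unknown")
    return hops

def auth_failures(msg):
    """SPF/DKIM/DMARC methods whose recorded result is missing or not 'pass'."""
    header = strip_comments(" ".join(msg.get_all("Authentication-Results", [])))
    found = {k.lower(): v.lower()
             for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, flags=re.I)}
    return [m for m in ("spf", "dkim", "dmarc") if found.get(m, "none") != "pass"]

def triage(raw):
    msg = message_from_string(raw)
    return {"plaintext_hops": plaintext_hops(msg), "auth_failures": auth_failures(msg)}

# Constructed sample headers (hypothetical domains, documentation IP ranges).
SPOOFED = """\
Received: from relay.vendor.example (relay.vendor.example [203.0.113.7])
 by mx.clinic.example with ESMTP id 4Xc1; Tue, 03 Feb 2026 09:14:02 -0600
Authentication-Results: mx.clinic.example; spf=softfail smtp.mailfrom=vendor.example;
 dkim=none; dmarc=fail header.from=clinic.example
"""
CLEAN = """\
Received: from out.lab.example (out.lab.example [198.51.100.20])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 by mx.clinic.example with ESMTPS id 4Xc2; Tue, 03 Feb 2026 09:20:11 -0600
Authentication-Results: mx.clinic.example; spf=pass smtp.mailfrom=lab.example;
 dkim=pass header.d=lab.example; dmarc=pass header.from=lab.example
"""
```

Calling `triage(SPOOFED)` reports the plaintext hop at `mx.clinic.example` and all three authentication methods as failing, while `triage(CLEAN)` reports nothing.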
Learn more: 2025 Healthcare Email Security Report
Why it matters
Healthcare organizations must use a HIPAA compliant email solution, like Paubox, to prevent incidents like the NCBHS breach. Paubox emails offer strong authentication, continuous monitoring, and a secure email infrastructure to protect PHI and reduce the risk of unauthorized access. Paubox email also provides advanced encryption to secure messages during transmission and at rest, protecting them from potential cyber threats.
The bottom line
As investigations continue, affected individuals should carefully review any notification they receive and monitor their accounts for suspicious activity.
FAQs
What is a data breach?
A breach occurs when an unauthorized party accesses, uses, or discloses PHI without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
Can data breaches lead to identity theft?
Yes. When personal and health information is accessed without authorization, there is an increased risk of identity theft, insurance fraud, and unauthorized use of medical records. Patients should monitor their accounts and take preventive measures to reduce potential harm.
Are there any costs associated with placing a fraud alert or credit freeze?
No, under U.S. law, consumers are entitled to a free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. Thus, placing a fraud alert or credit freeze does not incur any costs.
