Cyber Incident Victim: Samaritan Daytop Village

Samaritan Daytop Village, Inc. (SDV), a not-for-profit organization originally established as an outpatient drug treatment provider, discovered a cybersecurity incident on September 22, 2021. The organization, which had expanded its services beyond its initial scope over its 60-year history, initiated an investigation but could not conclusively determine whether unauthorized parties accessed, viewed, or exfiltrated data from its systems. On October 26, 2021, SDV publicly disclosed the breach via a press release, acknowledging that impacted information potentially included individuals’ names, dates of birth, Social Security numbers, medical diagnosis and treatment details, and health insurance information. The organization emphasized that its investigation remained ongoing and stated it had not received any reports of fraudulent misuse of the potentially compromised data as of the disclosure date.

In response to the incident, SDV established a dedicated assistance line (855-675-3116) operational Monday through Friday from 9:00 a.m. to 9:00 p.m. Eastern Time for individuals seeking additional information. The organization also provided a mailing address (P.O. Box 4587, Portland, OR 97208-4597) for written inquiries. SDV published its full press release on PRNewswire and its official website, though the announcement did not specify technical details regarding the attack vector, intrusion methods, or affected internal systems. Independent monitoring by DataBreaches.net found no evidence of the compromised data appearing on dedicated leak sites frequently monitored by cybersecurity researchers. SDV’s disclosure contained no mention of ransom demands or encryption events, leaving the incident’s classification as a ransomware attack unconfirmed. The breach exposed sensitive personal and health information but resulted in no publicly documented cases of identity theft or financial fraud at the time of reporting.