ManAlive Inc.

ManAlive Inc., which operates an addiction treatment clinic in Baltimore, United States, provides healthcare services focused on substance use disorder treatment. The organization maintains patient records containing sensitive personal and medical information, including names, Social Security numbers, dates of birth, contact details, driver's license data, and treatment-specific information such as admission dates, methadone status, and provider names. This indicates a role in delivering clinical care, potentially including medication-assisted treatment, to individuals seeking recovery support. The clinic serves a local patient population in Baltimore, though the exact scale of operations is not publicly specified beyond the documented incident.

In August 2016, the organization experienced a significant data breach when an attacker employed social engineering to deliver a malicious Microsoft Word document to an employee, compromising system security. The incident resulted in the theft of the clinic's patient database, which the perpetrator subsequently offered for sale on the dark web. The hacker demanded a ransom of 15 Bitcoin to prevent the data's release, a sum the organization did not pay. The breach impacted 860 individuals, as confirmed in reports to federal health authorities. Law enforcement was notified but did not intervene prior to the clinic's awareness of the compromise. This event demonstrates the clinic's handling of protected health information and its compliance with regulatory reporting requirements following a cybersecurity incident. The breach involved the exfiltration of detailed patient records, including sensitive identifiers and treatment details.