Mindpath Health Company CyberSecurity Posture

mindpath.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Mindpath Health is an independent organization that provides high-quality outpatient mental health services across the U.S. With a team of more than 450 clinicians, Mindpath Health provides a broad spectrum of psychiatry, interventional psychiatry (including TMS and esketamine), and therapy services. We offer in-person and online appointments and coordinate care with primary care physicians and referring professionals to ensure a focus on total health. Mindpath Health is in-network with most commercial insurance plans and has more than 80 locations across Arizona, California, Florida, North Carolina, South Carolina, and Texas.

Mindpath Health A.I CyberSecurity Scoring

Mindpath Health

Company Details

Linkedin ID:

mindpath-health

Website:

http://www.mindpath.com

Employees number:

585

Number of followers:

4,869

NAICS:

62133

Industry Type:

Mental Health Care

Homepage:

mindpath.com

IP Addresses:

Scan still pending

Company ID:

MIN_1336260

Scan Status:

In-progress

AI scoreMindpath Health Risk Score (AI oriented)

Between 550 and 599

https://images.rankiteo.com/companyimages/mindpath-health.jpeg
Mindpath Health Mental Health Care
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreMindpath Health Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/mindpath-health.jpeg
Mindpath Health Mental Health Care
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Mindpath Health

Very Poor
Current Score
596
Ca (Very Poor)
01000
3 incidents
0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

JANUARY 2026
597
DECEMBER 2025
592
NOVEMBER 2025
591
OCTOBER 2025
587
SEPTEMBER 2025
584
AUGUST 2025
581
JULY 2025
577
JUNE 2025
573
MAY 2025
570
APRIL 2025
566
MARCH 2025
563
FEBRUARY 2025
559
JULY 2022
534
Breach
01 Jul 2022 • Mindpath Health
Mindpath Health Data Breach (2022)

Mindpath Health, a US-based mental health provider offering in-person and telehealth services, experienced a **data breach in March and July 2022** when an unauthorized third party accessed its **Microsoft Office 365 business email accounts**. The incident exposed **personal and protected health information (PHI) of thousands of patients**, including sensitive medical and identifying details. Affected individuals filed a **class-action lawsuit**, alleging negligence in cybersecurity measures that could have prevented the breach. While Mindpath denied wrongdoing, it agreed to a **$3.5 million settlement**, offering victims **cash payments (based on time/lost wages), three years of credit monitoring, and a $50 statutory payout for California residents**. The breach led to **legal repercussions, reputational damage, and financial compensation obligations**, with potential long-term risks like identity theft or fraud for exposed patients. The settlement terms also include claim submission deadlines and a final approval hearing in **February 2026**.

390
critical -144
MIN4503945112725
Incident Details -
Type
Data Breach
Attack Vector
Compromised Microsoft Office 365 business email accounts
Impact
Financial Loss: $3.5 million (settlement amount) Personal information Protected health information (PHI) Microsoft Office 365 business email accounts Customer Complaints: Class action lawsuit filed by affected consumers Brand Reputation Impact: Negative (lawsuit and settlement) Legal Liabilities: $3.5 million settlement Identity Theft Risk: High (personal and PHI exposed)
Response
Communication Strategy: Notices sent to affected individuals; class action settlement terms communicated
Data Breach
Personal information Protected health information (PHI) Number Of Records Exposed: Thousands Sensitivity Of Data: High (includes PHI) Data Exfiltration: Likely (accessed email accounts) Personally Identifiable Information: Yes
Regulatory Compliance
Fines Imposed: $3.5 million (settlement, not a fine) Legal Actions: Class action lawsuit filed; settlement approved pending final hearing
Investigation Status
Resolved via settlement (final approval hearing scheduled for Feb. 19, 2026)
Customer Advisories
Class members notified of settlement benefits and claim submission deadlines (Jan. 5, 2026)
Stakeholder Advisories
Notices sent to affected individuals; settlement terms published
Initial Access Broker
Entry Point: Microsoft Office 365 business email accounts Patient personal information Protected health information
Post Incident Analysis
Root Causes: Alleged failure to implement reasonable cybersecurity measures to protect email accounts
References
Blog URL Source URL
JUNE 2022
694
Breach
01 Jun 2022 • $3.5 Million Mindpath Health Data Breach Settlement Gets First Nod
Mindpath Health Email Data Breaches (2022)

$3.5 Million Mindpath Health Data Breach Settlement Gets First Nod A California Superior Court judge has given preliminary approval to a settlement to resolve litigation against Community Psychiatry Management, LLC, operating as Mindpath Health, to resolve a class action lawsuit stemming from two email data breaches in 2022 that affected 193,947 individuals. Mindpath Health is a California-based mental health service provider serving patients in seven U.S. states. In March 2022 and again in June 2022, unauthorized individuals gained access to Microsoft Office 365 business accounts that contained the protected health information of Mindpath Health patients and other individuals. The breach was discovered in June during a routine audit of its email environment, which identified suspicious account activity. The investigation confirmed that two email accounts had been subject to unauthorized access in March and June 2022, exposing names, addresses, Social Security numbers, dates of birth, medical diagnoses, prescriptions, treatment information, and health insurance information. Notification letters were sent to the affected individuals on January 10, 2023, almost seven months after the breach was identified A class action lawsuit was filed in the Eastern District of California by plaintiff Corina Lowrey on January 30, 2023, followed by two further complaints from other Mindpath Health patients. The lawsuits were consolidated into a single complaint – Lowrey, et. al., v. Commu

530
critical -164
MIN1764604608
Incident Details -
Type
Data Breach Unauthorized Access
Attack Vector
Compromised Email Accounts Phishing (likely, though not explicitly stated)
Vulnerability Exploited
Weak Email Security Controls Lack of Multi-Factor Authentication (MFA) (inferred)
Motivation
Financial Gain (likely, given exposed PII/PHI) Data Theft
Impact
Financial Loss: $3.5 million (settlement amount) Microsoft Office 365 Email Accounts (2 accounts) Class Action Lawsuit (Lowrey, et al. v. Community Psychiatry Management, LLC) Preliminary Settlement Approval
Response
Notification Letters to Affected Individuals (2023-01-10) Delayed Disclosure (7 months post-breach)
Data Breach
Protected Health Information (PHI) Personally Identifiable Information (PII) Names Addresses Social Security Numbers (SSNs) Dates of Birth Medical Diagnoses Prescriptions Treatment Information Health Insurance Information Sensitivity Of Data: High (PHI/PII including SSNs and medical records) Emails Attachments (likely)
Regulatory Compliance
HIPAA (likely, given PHI exposure) California Consumer Privacy Act (CCPA) (likely) Class Action Lawsuit Preliminary Settlement Approval ($3.5 million)
Investigation Status
Completed (breach confirmed in 2022, litigation ongoing as of 2024)
Customer Advisories
Notification Letters (2023-01-10)
Initial Access Broker
Compromised Email Accounts (Microsoft Office 365) Patient PHI/PII
Post Incident Analysis
Inadequate Email Security (e.g., lack of MFA) Delayed Detection (breach occurred in March/June 2022, detected in June 2022) Delayed Disclosure (7 months post-detection)
References
Blog URL Source URL
FEBRUARY 2022
758
Breach
19 Feb 2022 • Community Psychiatry Management, LLC, dba Mindpath Health
Data Breach at Community Psychiatry Management, LLC (Mindpath Health)

The California Office of the Attorney General reported a data breach affecting Mindpath Health on January 10, 2023. The breach involved unauthorized access to two employee email accounts occurring in March 2022 and June 2022, potentially exposing limited protected health information. The specific number of individuals affected is unknown.

690
high -68
MIN018072925
Incident Details -
Type
Data Breach
Attack Vector
Unauthorized Access to Email Accounts
Impact
Data Compromised: Limited Protected Health Information
Data Breach
Type Of Data Compromised: Protected Health Information Sensitivity Of Data: High
Initial Access Broker
Entry Point: Email Accounts
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Mindpath Health is 596, which corresponds to a Very Poor rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for December 2025 was 592.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 591.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 587.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 584.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 581.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 577.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 573.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 570.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 566.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 563.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 559.

Over the past 12 months, the average per-incident point impact on Mindpath Health’s A.I Rankiteo Cyber Score has been 0 points.

You can access Mindpath Health’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/mindpath-health.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Mindpath Health’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/mindpath-health.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.