"Mental Healthcare Providers Report Data Breaches"

Data breaches at two American mental healthcare providers may have exposed thousands of individuals’ personal health information (PHI).  Horizon House, Inc., which is in Philadelphia, Pennsylvania, warned that 27,823 people might have been impacted by a cyberattack that took place in the late winter.  Horizon House, Inc. detected suspicious activity on its IT network on March 5. An investigation revealed that the healthcare provider’s IT system had been infected with ransomware.  During the investigation, it was found that the unknown adversary gained access to data including names, addresses, Social Security numbers, driver’s license numbers, state identification card numbers, dates of birth, financial account information, medical claim information, medical record numbers, patient account numbers, medical diagnoses, medical treatment information, and health insurance information.  Horizon House, Inc. has notified all the individuals affected by the security breach and advised them to be on the lookout for fraudulent activity. The other company breached was Samaritan Center of Puget Sound.   Samaritan Center of Puget Sound issued a data breach warning after a computer, server, and other electronic equipment were stolen from its locked offices in Seattle, Washington.  Although the stolen computer and server were password-protected, the company raised concerns that a brute-force attack could render them accessible.   Data stored on the stolen server included the names, appointment dates, diagnoses, copies of charting content, addresses, phone numbers, copies of deposited checks, training videos, insurance information, Social Security numbers, and copies of billing statements of clients who accessed services before July 19.  The company reported the July 19 theft to the HHS’ Office for Civil Rights as a data breach impacting 20,866 individuals. 

Infosecurity reports: "Mental Healthcare Providers Report Data Breaches"