Protected Health Information of 129K Individuals Potentially Compromised in Behavioral Health Network Malware Attack

By | August 14, 2020

Behavioral Health Network (BHN), the largest behavioral health service provider in Western Massachusetts, has announced that malware was downloaded onto its computer systems that prevented files from being accessed.

The security breach was discovered on May 28, 2020 when staff were prevented from accessing files. An investigation was immediately launched to determine the extent of the attack and whether any data had been exfiltrated by the attacker. Around July 17, 2020, BHN determined that an unauthorized individual had gained access to its systems on May 26, two days before the malware was introduced.

While it was not possible to determine whether any data had been stolen by the attacker prior to the deployment of the malware, the possibility of data theft could not be totally ruled out. No reports have been received to date indicating patient data has been misused.

An analysis of the affected systems revealed the protected health information of 129,571 current and former patients was potentially compromised. The systems that were accessible to the attacker contained names, addresses, dates of birth, Social Security numbers, medical/diagnosis/treatment information, and/or health insurance claim information.

Out of an abundance of caution, individuals affected by the incident have been offered complimentary credit monitoring and identity theft protection services. To help prevent further data breaches, policies and procedures are being reviewed, staff are being provided with further training on data privacy and security, and additional safeguards are being put in place to prevent further unauthorized data access.

9,200 Rite Aid Customers Notified PHI was Potentially Compromised During Period of Civil Unrest

Rite Aid Corporation has confirmed that the protected health information of 9,200 customers was potentially compromised during the period of civil unrest in late May. Several break-ins occurred at Rite Aid pharmacies. On and after May 27 and thieves stole prescription orders awaiting collection, along with hard copies of prescription records that contained customer information. The types of data exposed or stolen included names, addresses, and details of prescribed medications.

Rite Aid is far from the only pharmacy chain to have suffered break-ins and looting. Walgreens, Walmart, CVS, Cub, and Kroger pharmacies all suffered similar incidents, as did many independent pharmacies.

The post Protected Health Information of 129K Individuals Potentially Compromised in Behavioral Health Network Malware Attack appeared first on HIPAA Journal.