Breach of the PHI at Carolina Behavioral Health Alliance, ATC Healthcare and Community of Hope D.C.

A ransomware attack was recently reported by the managed behavioral health company based in Winston-Salem, NC, Carolina Behavioral Health Alliance (CBHA), which manages the behavioral health benefits for Wake Forest Baptist Medical Center and Wake Forest University.

On March 20, 2022, Carolina Behavioral Health Alliance discovered the attack that resulted in the deactivation of its computer systems. The forensic investigators confirmed that attackers got access to its systems from March 19 to March 20 and possibly viewed or acquired the sensitive information of 130,000 health plan members as well as their dependents. The breached information included names, sexuality, addresses, Social Security numbers, and health plan ID numbers.

Thus far, there’s no report received that indicates an actual or attempted patient data misuse. CBHA stated it has put in place extra safety measures to better secure the information of health plan members down the road and has provided the impacted persons with membership to single bureau credit monitoring, credit score services, and credit reporting for 2 years.

ATC Healthcare Reports Email Account Breach

ATC Healthcare based in New York has just reported that unauthorized persons accessed the email accounts of selected employees and possibly viewed or acquired sensitive patient information. The company discovered the incident on December 22, 2021, because of suspicious activity inside its email account. The forensic investigation affirmed that unauthorized persons accessed the email accounts of a number of employees at different times from February 9, 2021 to December 22, 2021.

The impacted email accounts contained names, driver’s licenses, Social Security numbers, financial account details, usernames and passwords, biometric information, medical details, medical insurance data, electronic/digital signatures, employer-assigned ID numbers, and passport numbers.

ATC Healthcare stated it did not find any evidence that indicates access, extraction, or misuse of patient data. Notification letters had been mailed to all persons possibly impacted. It is presently not clear how many persons were affected by the data breach.

Employee Email Account Compromised at Community of Hope D.C.

Community of Hope D.C. (COHDC) recently reported that an unauthorized third party accessed the email account of a staff member and possibly viewed or acquired the protected health information (PHI) of patients. The breach was discovered because of the spam emails sent from the email account. The forensic investigation affirmed that the breach only affected one employee’s email account, which was compromised from January 27, 2022 to February 7, 2022.

The information kept in the account included names, driver’s license numbers, Social Security numbers, financial data, medical insurance details, and medical diagnostic data. The breach affected 645 persons who received free credit monitoring and identity theft protection services.