BayMark Health Services Notifies Patients About October Ransomware Attack
Texas-based BayMark Health Services, North America’s largest provider of substance use disorder treatment and recovery services and a provider of administrative services to BAART Programs, Healthcare Resource Centers, and MedMark Treatment Centers, has started notifying patients that some of their protected health information was compromised in a recent cyberattack.
According to the patient notification letters, BayMark Health Services discovered the cyberattack on October 11, 2024, when its IT systems were disrupted. The forensic investigation confirmed that an unauthorized third party had access to its network for almost 3 weeks between September 24, 2024, and October 14, 2024. During that time, the threat actor accessed and acquired files containing patient data.
BayMark Health Services has reviewed the affected files and confirmed that they contained information such as patient names, dates of birth, services received, dates of service, Social Security numbers, driver’s license numbers, health insurance information, diagnostic and treatment information, and treating provider names. Individuals who had their Social Security numbers or driver’s license numbers compromised have been offered 12 months of complimentary identity monitoring services through Equifax. BayMark Health Services said it has implemented additional safeguards and technical security measures to better protect and monitor its IT systems.
BayMark Health Services did not describe the incident as a ransomware attack; however, a ransomware group has claimed responsibility for the attack. RansomHub, currently the most prolific ransomware-as-a-service (RaaS) group, said it was behind the attack and stole 1.5 TB of data. RansomHub said BayMark Health Services refused to pay the ransom, so the stolen data was uploaded to its dark web data leak site. Individuals offered identity monitoring services should ensure they sign up for those services promptly, and all individuals affected should carefully monitor their accounts for signs of misuse of their data.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
BayMark Health Services has more than 400 service centers in 35 U.S. states and three Canadian provinces and serves more than 75,000 patients a day. The data breach has been reported to the HHS’ Office for Civil Rights as involving the protected health information of 3,170 patients.
