Carolina Behavioral Health Alliance Reports Breach of the PHI of 130,000 Health Plan Members

The Winston-Salem, NC-based managed behavioral health organization, Carolina Behavioral Health Alliance (CBHA), the administrator of behavioral health benefits for Wake Forest University and Wake Forest Baptist Medical Center, has recently announced it was the victim of a ransomware attack.

The attack was detected on March 20, 2022, and resulted in computer systems being disabled. The forensic investigation of the incident confirmed the attackers had to its systems between March 19 and March 20 and may have viewed or obtained the sensitive data of 130,000 health plan members and their dependents, including names, addresses, health plan ID numbers, genders, and Social Security numbers.

To date, no reports have been received to indicate there has been any actual or attempted misuse of patient data. CBHA said it has implemented additional safeguards to better protect the data of health plan members in the future and has offered affected individuals access to single bureau credit monitoring, credit reporting, and credit score services for 24 months.

ATC Healthcare Announces Email Data Breach

ATC Healthcare in New York has recently confirmed that the email accounts of certain employees were accessed by unauthorized individuals, who may have viewed or obtained sensitive patient data. The incident was detected on December 22, 2021, when suspicious activity was identified within its email environment. The forensic investigation confirmed that several employee email accounts had been accessed by unauthorized individuals at various points between February 9, 2021, and December 22, 2021.

Please see the HIPAA Journal Privacy Policy

The affected email accounts included names, Social Security numbers, driver’s licenses, financial account information, usernames and passwords, passport numbers, biometric data, medical information, health insurance information, electronic/digital signatures, and employer-assigned identification numbers.

ATC Healthcare said it found no evidence to suggest patient information was accessed, exfiltrated, or misused, and that notification letters were sent to all individuals potentially affected. It is currently unclear how many individuals have been affected by the data breach.

Employee Email Account Compromised at Community of Hope D.C.

Community of Hope D.C. (COHDC) has discovered the email account of an employee has been accessed by an unauthorized third party, who may have viewed or obtained patients’ protected health information. The breach was detected when the email account was used to send spam emails. The forensic investigation confirmed the breach was limited to a single employee email account, which was breached between January 27, 2022, and February 7, 2022.

The account contained names, Social Security numbers, driver’s license numbers, financial information, health insurance information, and health diagnostic information. 645 individuals have been affected by the breach and have been offered complimentary credit monitoring and identity theft protection services.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.