HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Protected Health Information of 129K Individuals Potentially Compromised in Behavioral Health Network Malware Attack

Behavioral Health Network (BHN), the largest behavioral health service provider in Western Massachusetts, has announced that malware was downloaded onto its computer systems that prevented files from being accessed.

The security breach was discovered on May 28, 2020 when staff were prevented from accessing files. An investigation was immediately launched to determine the extent of the attack and whether any data had been exfiltrated by the attacker. Around July 17, 2020, BHN determined that an unauthorized individual had gained access to its systems on May 26, two days before the malware was introduced.

While it was not possible to determine whether any data had been stolen by the attacker prior to the deployment of the malware, the possibility of data theft could not be totally ruled out. No reports have been received to date indicating patient data has been misused.

An analysis of the affected systems revealed the protected health information of 129,571 current and former patients was potentially compromised. The systems that were accessible to the attacker contained names, addresses, dates of birth, Social Security numbers, medical/diagnosis/treatment information, and/or health insurance claim information.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Out of an abundance of caution, individuals affected by the incident have been offered complimentary credit monitoring and identity theft protection services. To help prevent further data breaches, policies and procedures are being reviewed, staff are being provided with further training on data privacy and security, and additional safeguards are being put in place to prevent further unauthorized data access.

9,200 Rite Aid Customers Notified PHI was Potentially Compromised During Period of Civil Unrest

Rite Aid Corporation has confirmed that the protected health information of 9,200 customers was potentially compromised during the period of civil unrest in late May. Several break-ins occurred at Rite Aid pharmacies. On and after May 27 and thieves stole prescription orders awaiting collection, along with hard copies of prescription records that contained customer information. The types of data exposed or stolen included names, addresses, and details of prescribed medications.

Rite Aid is far from the only pharmacy chain to have suffered break-ins and looting. Walgreens, Walmart, CVS, Cub, and Kroger pharmacies all suffered similar incidents, as did many independent pharmacies.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.