Data breaches at two American mental healthcare providers may have exposed the personal health information (PHI) of thousands of individuals.
Horizon House, Inc., which is in Philadelphia, Pennsylvania, warned that 27,823 people may have been impacted by a cyber-attack that took place in the late winter.
The provider of mental health and residential treatment services detected suspicious activity on its IT network on March 5. An investigation revealed that the healthcare provider’s IT system had been infected with ransomware.
In a security notice, Horizon House said: “Horizon House systems were accessible by an unknown actor between March 2, 2021, and March 5, 2021, and certain data was exfiltrated from the Horizon House systems.”
A review of the files compromised in the incident determined that the unknown cyber-attacker gained access to data including names, addresses, Social Security numbers, driver’s license numbers, state identification card numbers, dates of birth, financial account information, medical claim information, medical record numbers, patient account numbers, medical diagnoses, medical treatment information, and health insurance information.
Horizon House has notified all the individuals who were affected by the security breach and advised them to be on the lookout for fraudulent activity.
Meanwhile the Samaritan Center of Puget Sound issued a data breach warning after a computer, server, and other electronic equipment were stolen from its locked offices in Seattle, Washington.
Although the stolen computer and server were password protected, the Center raised concerns that a brute-force attack could render them accessible.
Data stored on the stolen server included the names, appointment dates, diagnoses, copies of charting content, addresses, phone numbers, copies of deposited checks, training videos, insurance information, Social Security numbers, and copies of billing statements of clients who accessed services before July 19.
The Center, which provides spiritually integrated counseling and mental health support, reported the July 19 theft to the HHS’ Office for Civil Rights as a data breach impacting 20,866 individuals.
“The Ravenna facility has been the subject of a number of attacks and break-ins during the last year,” wrote the Center’s clinical director, Matthew Percy.
He added that physical and electronic security were both being tightened.