Missouri-based Burrell Behavioral Health recently suffered data breach. Facility faced cybersecurity attack after unauthorized party accessed employee’s email account. It discovered the breach on on July 7, 2016. Internal investigation was launched immediately and the account was secured. According to the reports, unauthorized access occurred from July 6, 2016 to July 7, 2016.
“Burrell Behavioral Health has established a dedicated assistance line for anyone seeking additional information regarding this incident, as well as steps to better protect against identity theft. “
Affected information included clients’ names, addresses, dates of birth, Social Security numbers, doctor’s names, diagnoses, disability code, health insurance number, treatments, treatment locations and medical record numbers.
“We take any threat to the security of information entrusted to us very seriously,” Burrell Presdent and CEO Dr. Todd Schaible said in a statement. “Once the attack was discovered, we immediately took counter measures and also hired nationally-renowned computer forensic investigators to determine exactly what happened and what information was at risk. We apologize for any inconvenience or concern this incident may cause our community.”
As per the OCR data breach reporting tool, in total 7,748 individuals may have been affected. Burrell mentioned that the patient PHI in the email account was accessed, but that “information at risk varies for each individual.”
One year of complimentary credit monitoring and identity restoration is provided for the affected people. Facility asked people to remain vigil to avoid identity theft which includes-
Reviewing account statements, medical bills, and health insurance statements regularly for suspicious activity, to ensure that no one has submitted fraudulent medical claims using your name and address. Report all suspicious or fraudulent charges to your account and insurance providers. If you do not receive regular Explanation of Benefits statements, you can contact your health plan and request them to send such statements following the provision of services.
Alertsec is used by organizations that have recognized the need to protect their information.Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe.