Support Centre

USA: BHN notifies OCR of health data breach following virus affecting their internal systems

Behavioral Health Network, Inc. ('BHN') notified, on 27 July 2020, the U.S. Department of Health & Human Services' Office for Civil Rights ('OCR') of a data breach affecting 129,571 of its patients, which the OCR is now investigating. In particular, BHN highlighted that the breach resulted from a virus which occured on 28 May 2020, which led to prohibited access to BHN's files. In particular, BHN noted that through its investigation, BHN determined that an unauthorised actor had placed malware within the BHN environment that disrupted the operation of certain BHN systems. Moreover, BHN outlined that, around 17 July 2020, the investigation further determined that the unauthorised actor had gained access to certain BHN systems between 26 and 28 May 2020. Furthermore, BHN highlighted that the types of information which were present in the affected systems included, names, addressess, date of births, social security numbers, medical/diagnosis/treatment information, and/or health insurance claim information.

You can read the press release here and and the OCR notice of investigation here.