Missouri-based Burrell Behavioral Health (BBH) has sent letters to more than 67,000 patients regarding a data breach that occurred last year.
The mental health service provider mentioned that one of its business associate’s portal was left unsecured, leaving attackers to possibly access sensitive information. As a result, electronic protected health information (ePHI) of the affected patients are believed to be have been compromised.
The big picture
In the press release, BBH mentioned that their investigation did not find any evidence of unauthorized access of any private information. “Computer forensics experts determined that there was a very low probability that any information was actually accessed; there was no evidence that any unauthorized individuals or automated website crawlers or scanners had accessed the ePHI,” it indicated.
The healthcare provider emphasized that ePHI was formatted in such a way that it could not be found through an online search.
BBH will provide free identity monitoring and protection services to those affected by the security incident. In addition, credit reports were also made available from agencies such as Equifax, Experian, and TransUnion.