- The mental health service provider told that its patients’ health information was compromised back in August 2018.
- An unnamed business associate is purported to have left an external portal insecure which led to the breach.
Missouri-based Burrell Behavioral Health (BBH) has sent letters to more than 67,000 patients regarding a data breach that occurred last year.
The mental health service provider mentioned that one of its business associate’s portal was left unsecured, leaving attackers to possibly access sensitive information. As a result, electronic protected health information (ePHI) of the affected patients are believed to be have been compromised.
The big picture
- ePHI of BBH’s patients was reportedly exposed on August 2018 and contained a variety of information records.
- The records include name, address, telephone number, date of birth, gender, date of service, type of services, insurance information, driver’s license number, and social security number.
- Once the incident was discovered, BBH has said that it took down the exposed portal and subsequently launched an investigation.
- BBH suggests that the ePHI was not accessed by unauthorized individuals or attackers as per the results of the investigation.
In the press release, BBH mentioned that their investigation did not find any evidence of unauthorized access of any private information. “Computer forensics experts determined that there was a very low probability that any information was actually accessed; there was no evidence that any unauthorized individuals or automated website crawlers or scanners had accessed the ePHI,” it indicated.
The healthcare provider emphasized that ePHI was formatted in such a way that it could not be found through an online search.
BBH will provide free identity monitoring and protection services to those affected by the security incident. In addition, credit reports were also made available from agencies such as Equifax, Experian, and TransUnion.