Behavioral Health Group Reports Data Breach Affecting Protected Patient Health Information | Console and Associates, PC

On July 27, 2022, Behavioral Health Group (“BHG”) filed a formal notice of data breach after a “security incident” affecting the company’s computer system allowed an unauthorized party to access sensitive information belonging to certain patients. According to the BHG, the breach compromised the following types of data: full names, social security numbers, driver’s license numbers, state identification numbers, financial account information, payment card information, numbers passport, biometric data and health insurance information. The breach also exposed patients’ medical information, including medical diagnoses and treatments, medication information, dates of service, and medical record numbers. After confirming the breach and identifying all affected parties, Behavioral Health Group began sending data breach letters to all affected parties.

If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from fraud or identity theft and what legal options are available to you following the Behavioral Health Group data breach, please see our recent article on the topic. here.

What we know about the Behavioral Health Group data breach

Information about the Behavioral Health Group data breach comes from the company’s official filing with various state government entities as well as a notice posted on BHG’s website. Obviously, on an undisclosed date, BHG learned that an unauthorized party may have gained access to the company’s computer system. In response, BHG secured its network and began working with external cybersecurity professionals to investigate the incident.

As a result of this investigation, BHG was able to confirm that an unauthorized party deleted certain files and folders from the company’s computer network on December 5, 2021.

After discovering that sensitive consumer data was accessible to an unauthorized party, Behavioral Health Group began reviewing the affected files to determine what information had been compromised and which patients had been affected. Although the hacked information varies depending on the individual, it can include your full name, social security number, driver’s license or state ID number, financial account information, your payment card, passport, biometric data, health insurance information and medical information, including a medical diagnosis. and treatment, medication information, dates of service, and medical record number.

On July 27, 2022, Behavioral Health Group sent data breach letters to everyone whose information was compromised as a result of the recent data security incident.

More information about the Behavioral Health Group

Founded in 2006, Behavioral Health Group is a system of outpatient opioid treatment and recovery centers based in Dallas, Texas. BHG operates 117 locations in twenty-four states and is focused on providing drug treatment for people with opioid use disorder. Behavioral Health Group employs more than 1,900 people and generates approximately $270 million in annual revenue.

Beware of data breaches affecting your protected health information

The Behavioral Health Group data breach resulted in a wide range of patient data ending up in the hands of hackers. In the notice posted on the company’s website, BHG says some of the information disclosed was protected health information. But what is protected health information and why is it so important to keep this information private?

Protected health information is a type of data relating to a patient’s past, present or future health condition. Protected health information also includes information about how a patient pays for health care, such as insurance information or Medicare/Medicaid information. However, not all health data falls into the category of protected health information because, to be considered “protected” health information, the data must contain at least one identifier. An identifier is additional data that anyone can use to identify the patient. For example, common identifiers include patient names, social security numbers, and addresses.

While the consequences of any data breach can have an extremely disruptive impact on your life, the risks that follow as a result of a health data breach are even more serious. For example, healthcare identity theft is generally more difficult to correct than purely financial fraud and often comes at a higher cost to the victim in terms of time and money. One reason for this is that the hackers who carry out these attacks often sell the protected health information they obtain to a third party, who then seeks medical treatment on behalf of the victim.

If you are a victim of healthcare identity theft, the provider who rendered the care will look to you to cover the bill (because, in their minds, you were the patient). However, the most serious threat is that the person who bought your information from a hacker and obtained medical care on your behalf provides doctors with their own information that ends up in your medical records. For example, a fraudulent patient may give the doctor their own list of medications, allergies, or past medical procedures. This information can end up being confused with your own medical information and can pose a real problem the next time you go to the doctor or the hospital.

Anyone who has been the victim of a data breach involving protected health information should take the situation seriously and ensure that they are doing everything possible to mitigate the risk of identity theft in healthcare. Talking to a data breach attorney is a good first step for anyone looking to learn more about what to do in the wake of a healthcare data breach and what their options are for keeping the business going. who disclosed their information financially responsible.

Comments are closed.