PHI of 139K People Possibly Compromised Due to Two Data Breach Incidents

Behavioral Health Network (BHN), the biggest provider of behavioral health service in Western Massachusetts, has reported a malware attack on its computer systems which made its files inaccessible.

BHN discovered the security breach on May 28, 2020 when employees could not access the files and launched an investigation immediately to find out the scope of the attack and if the attacker exfiltrated any data. About July 17, 2020, BHN confirmed that an unauthorized person had accessed its systems on May 26, which was two days prior to malware infection.

Though it cannot be confirmed if the attacker actually stole any information before the malware was deployed, the probability of data theft cannot be completely eliminated. There is no report received thus far that indicates the misuse of patient data.

An audit of the breached systems showed that the protected health information (PHI) of 129,571 present and past patients were likely exposed. The attacker was able to access the systems containing names, birth dates, addresses, medical/diagnosis/treatment data, and/or medical insurance claim details and Social Security numbers.

As a safety precaution, BHN offered free credit monitoring and identity theft protection services to the affected individuals. To prevent the occurrence of other data breaches, the provider reviewed its policies and procedures, gave further HIPAA compliance training to its employees regarding data privacy and security, and implemented extra safety measures to avert future unauthorized systems access.

PHI of 9,200 Rite Aid Clients Potentially Exposed During the Civil Unrest Period

Rite Aid Corporation has reported the potential compromise of the PHI of 9,200 clients during the time of civil unrest that happened recently in May. A number of break-ins transpired at Rite Aid pharmacies. During the May 27 incident and after that, the thieves stole the prescription orders that are to be collected, together with the hard copies of prescription details containing customer data. The stolen or compromised information included the names and addresses of the customers and the specifics of prescribed medicines.

Rite Aid is not the only chain of pharmacies that have experienced break-ins and theft. Walgreens, CVS, Cub, Walmart, and Kroger pharmacies also encountered the same incidents, just like the other independent pharmacies.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at