swidup
commented
2 years ago "Crossroads Health in Ohio has experienced a cyberattack that disrupted some of its IT systems. The security incident was detected on January 18, 2022, with the subsequent investigation confirming unauthorized individuals had access to its systems between November 18, 2021, and January 18, 2022.
Assisted by a third-party computer forensics firm, Crossroads Health determined on January 24, 2022, that the attackers exfiltrated files from a legacy system that included the data of clients of the former behavioral health facility, Beacon Health, that has now merged with Crossroads Health. Those files included information such as names, contact information, dates of birth, Social Security numbers, driver’s license numbers, treatment and diagnosis information, and/or health insurance information.
The breach has been reported to the HHS’ Office for Civil Rights as affecting 10,324 individuals. Patients who had their Social Security numbers and/or driver’s license numbers exposed have been offered complimentary credit monitoring and identity protection services.
Crossroads Health said it has implemented additional technical safeguards to protect against future cyberattacks."
https://www.hipaajournal.com/healthcare-organizations-report-email-compromises-hacking-incidents-and-other-ephi-exposures/