A major behavioral health alliance has recently announced a significant breach of data. The Carolina Behavioral Health Alliance (CBHA) operates in the city of Winston-Salem and is the administer of behavioral health benefits for Wake Forest University and Wake Forest Baptist Medical Center. The attack was discovered by the alliance on March 20, 2022. Upon detection, the organization notified law enforcement and immediately conducted a comprehensive forensic investigation and deduced that cybercriminals had gained access to the organization’s computer systems between March 19 and March 20. The malicious actors potentially viewed and recovered the personal information of approximately 130,000 health plan clients. The sensitive information collected included names, addresses, Social Security numbers, health plan ID numbers, and gender.
Despite the unauthorized access to personal information, the alliance has received no reports indicating misuse of the stolen data. CBHA maintains that they acted quickly to initiate a response to the attack. With the help of IT specialists, the alliance were able to confirm the security of their network. Additional safeguards were implemented to ensure no further disclosures of information would take place and to limit potential harm. Systems accessed by malicious actors were wiped and rebuilt and further steps were taken to improve the security of the network. Policies, procedures, and network security were also examined and adjusted to concerns regarding the management of patient information and its networks.
CBHA has recommended affected individuals to enroll in their single bureau credit monitoring, credit reporting, and credit services free of charge. The free services will be offered for a period of 24 months from the date of enrollment. Furthermore, the CBHA will be offering proactive fraud assistance in collaboration with a fraud assistance company to help affected individuals with questions if fraud does occur as a result of the unauthorized disclosure. CBHA has maintained that they sincerely regret any frustration, concern, and inconvenience that the disclosure has caused to affected individuals and has promised to mitigate any further harm.