DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

MI: Kent County Community Mental Health Authority notifies 2,284 patients after phishing attack

Posted on January 8, 2019 by Dissent

Kent County Community Mental Health Authority of Michigan, dba as Network180, issued a notice on their site about a HIPAA breach that they reported to HHS as affecting 2,284 patients. Here is the text of their notice:

We are posting this notice as part of our serious commitment to privacy. We regret to inform the public that Network180 has discovered a potential breach of protected health information related to over 2,200 of our clients.

Despite safeguards in place, bad-actors gained access to Network180 encrypted e-mail accounts through a “phishing” scheme. On October 28, 2018, Network180 received a series of well-disguised e-mails that appeared to come from a trusted source. Between November 2 through November 13 we determined that three (3) of our staff members had their encrypted email accounts compromised after receiving the fake emails.

Protected health information contained in at least one of these encrypted email accounts may have included the following categories of exposed information:

• Name(s)
• Social Security Numbers (only 20 clients were determined to have SSNs exposed)
• Addresse(s) (current or previous)
• Date of birth
• Medicaid ID number
• Medicare ID number
• Network180 internal ID number
• Waiver Support Application (WSA) ID number
• Name(s) of one or more of a client’s health care providers
• School(s) attending or attended
• Information on ethnicity/race
• Names of a relative or relatives

We cannot confirm what of this information was actually accessed or viewed by the intruder(s). We think it is unlikely that it was. However, since this information was potentially exposed, we want to be sure that the concerned public and community was notified. Additionally, we want to emphasize that we do not believe, nor see any evidence would lead us to believe, any financial information was exposed, accessed, or viewed.

Upon learning of this privacy concern, Network180 launched an internal investigation regarding the matter. The investigation was conducted by Network180’s HIPAA Privacy Officer, HIPAA Security Officer, IT Department, and HIPAA legal counsel. We have concluded our investigation and determined that the inappropriate disclosure was not preventable, have taken remedial steps (such as mass password resets and making sure that no other email accounts were effected), and are putting in place additional safeguards to protect against further “phishing” attacks.

We do not have any information that would suggest that any of our clients’ identity is at risk of theft, nor do we think the type of data potentially accessed is likely to make them vulnerable to identity theft. However, out of an abundance of caution and goodwill, and as an apology for this unfortunate situation, we offered at least one year of free identity protection services through Experian to identified clients.

We deeply regret that this incident occurred. These situations are inherently difficult/impossible to prevent.  Network180 is committed to keeping Network180 recipients’ personal information as protected and safe as possible, and we hope that we have the opportunity to reinforce that commitment to our clients and our community.

If you have any concerns or questions about this statement, please do not hesitate to call Network180 Customer Services at (866) 411-0690, or e-mail at customerservices (at) network180 dot org.

I will grant you that these types of incidents are difficult to prevent. But “impossible?”

No related posts.

Category: Health DataPhishingU.S.

Post navigation

← HK: TransUnion in new apology amid leak fear
Neiman Marcus reaches $1.5 million data breach settlement →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.