Note: The following notice concerns Haven Behavioral Hospital of Philadelphia and Haven Behavioral Hospital of Eastern Pennsylvania. DataBreaches.net also found that Cottonwood Creek Behavioral Hospital, Phoenix, Frisco (Texas), and Dayton (Ohio) Haven hospitals all published identical notices yesterday. A notice on Haven Behavioral’s web site is not specific to any named hospitals, suggesting that this incident may have affected other Haven facilities as well. DataBreaches.net sent an inquiry earlier this morning to Haven asking about the number of facilities and number of patients impacted, but has received to response as yet. This post will be updated when more details are received.
Update of March 31: Still no response from Haven, but add Albuqueque to the list of facilities affected.
PHILADELPHIA, March 23, 2021 /PRNewswire/ — Haven Behavioral Hospital of Philadelphia and Haven Behavioral Hospital of Eastern Pennsylvania (“Haven”) is providing notice of a recent cyber-security incident so that potentially affected individuals may take additional steps to protect their personal information, should they feel it appropriate to do so. Haven has two hospitals in Pennsylvania, Haven Behavioral Hospital of Eastern Pennsylvania located in Reading and Haven Behavioral Hospital of Philadelphia.
On or around September 27, 2020, Haven observed unusual activity on certain systems. Upon discovering this activity, Haven began an investigation, including working with third party forensic specialists, to identify the source of the activity and determine its impact on Haven affiliated systems. The investigation determined that certain files were potentially accessible on a system that may have been subject to unauthorized access between September 24, 2020 and September 27, 2020. Upon determining that certain files may have been accessible on the impacted system, Haven began a review of these files to learn what might have been accessible at the time of this incident.
Haven immediately undertook a comprehensive review of the contents of the impacted files, to identify anyone who may have personal information within the potentially impacted data. Haven’s investigation cannot determine specifically what files, if any, were actually viewed by the unauthorized actor(s), but the review recently indicates that names and certain information of some individuals were present. This review was completed on March 11, 2021. Haven is mailing notices to those individuals whose information was present.
While, to date, the investigation has found no evidence of actual or attempted misuse of the information present in the potentially impacted files, Haven’s review determined that the documents affected by this incident may include some combination of the following types of information: name, date of birth, medical history, treatment information, provider information, patient identification number, and health insurance information.
The confidentiality, privacy, and security of personal information within Haven’s custody is among its highest priorities. Haven is taking steps to further strengthen the security of its information systems. Haven also continues to review its security policies and procedures as part of its ongoing commitment to protect and maintain information security. Haven is providing a dedicated call center to those who may be impacted to learn more and is also offering them access to credit monitoring as well as general guidance on how to protect against identity theft and fraud. Impacted individuals can learn more by contacting us at (833) 416-0845 (toll free), Monday through Friday, 9 am to 9 pm ET.
###
SOURCE Haven Behavioral Healthcare