DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

WV: Prestera Mental Health Center reports an incident — but is it really a new one?

Posted on July 25, 2021 by Dissent

On July 20, Prestera Mental Health Center posted a notice about what they describe as a “recent” incident.  Their notice, which has been picked up by other sites, states, in part:

“What Happened? On or about April 1, 2021, Prestera Center discovered that information related to certain individuals was potentially accessible to an unknown actor in or about August and September 2020. This incident involved unauthorized access to certain email accounts used by Prestera Center employees. While our investigation was able to confirm access to certain employees’ email accounts, the investigation was unable to rule out access to any emails or attachments contained within those email accounts. Therefore, out of an abundance of caution, a review of the entire contents of the impacted email accounts was conducted to identify emails or attachments containing personal information.

The notice does not indicate the number of people impacted, and the incident is not on HHS’s public breach tool — or at least, not yet.  Or is it?

On December 31, 2020, Prestera reported an incident to HHS that reportedly impacted 3,708 patients.  They also issued a notice at that time which is still on their web site. That notice describes an email incident.  It does not state when it occurred or how many employee accounts were involved, and so we cannot tell if this new report related to the same incident reported in December of 2020 or not. Did Prestera just subsequently discover more compromised accounts than they had discovered in 2020? Is this really an update to a prior report or it really a separate incident?  The December, 2020 report is still an open investigation on HHS’s public breach tool.

DataBreaches.net reached out to Prestera on July 23 through their web site to ask whether the newest report was the same incident originally reported in December or not.  No reply has been received, but DataBreaches.net will update this post if an explanation or reply is received.

In the 2020 report, the type of data involved was described as

patient names, dates of birth, medical record and/or patient account numbers, diagnostic information, healthcare provider information, prescription and/or treatment information and, in some instances, addresses, social security numbers and Medicare/Medicaid ID numbers. The exact elements of personal information that were affected as a result of this incident varied per individual.

In the July, 2021 report, the type of data involved has been described as:

names, addresses, dates of birth, state identification card numbers, Social Security numbers, financial account information, medical information, or health insurance information, was contained within at least one of the impacted email accounts. Please note that the information varies by individual and for many individuals, a limited number of data types were determined to be accessible.

 

Category: Breach IncidentsHealth DataU.S.

Post navigation

← Inside Forkbombo, the dreaded Kenyan cybercrime gang
First came the ransomware attacks, now come the lawsuits →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
  • Oklahoma Expands its Security Breach Notification Law
  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.