DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

WV: Prestera Mental Health Center reports an incident — but is it really a new one?

Posted on July 25, 2021 by Dissent

On July 20, Prestera Mental Health Center posted a notice about what they describe as a “recent” incident.  Their notice, which has been picked up by other sites, states, in part:

“What Happened? On or about April 1, 2021, Prestera Center discovered that information related to certain individuals was potentially accessible to an unknown actor in or about August and September 2020. This incident involved unauthorized access to certain email accounts used by Prestera Center employees. While our investigation was able to confirm access to certain employees’ email accounts, the investigation was unable to rule out access to any emails or attachments contained within those email accounts. Therefore, out of an abundance of caution, a review of the entire contents of the impacted email accounts was conducted to identify emails or attachments containing personal information.

The notice does not indicate the number of people impacted, and the incident is not on HHS’s public breach tool — or at least, not yet.  Or is it?

On December 31, 2020, Prestera reported an incident to HHS that reportedly impacted 3,708 patients.  They also issued a notice at that time which is still on their web site. That notice describes an email incident.  It does not state when it occurred or how many employee accounts were involved, and so we cannot tell if this new report related to the same incident reported in December of 2020 or not. Did Prestera just subsequently discover more compromised accounts than they had discovered in 2020? Is this really an update to a prior report or it really a separate incident?  The December, 2020 report is still an open investigation on HHS’s public breach tool.

DataBreaches.net reached out to Prestera on July 23 through their web site to ask whether the newest report was the same incident originally reported in December or not.  No reply has been received, but DataBreaches.net will update this post if an explanation or reply is received.

In the 2020 report, the type of data involved was described as

patient names, dates of birth, medical record and/or patient account numbers, diagnostic information, healthcare provider information, prescription and/or treatment information and, in some instances, addresses, social security numbers and Medicare/Medicaid ID numbers. The exact elements of personal information that were affected as a result of this incident varied per individual.

In the July, 2021 report, the type of data involved has been described as:

names, addresses, dates of birth, state identification card numbers, Social Security numbers, financial account information, medical information, or health insurance information, was contained within at least one of the impacted email accounts. Please note that the information varies by individual and for many individuals, a limited number of data types were determined to be accessible.

 

Related posts:

  • WV: Prestera Center notifies patients of data security incident
  • Updating: CaptureRx incident impacted more than 2.4 million. List of Entities.
Category: Breach IncidentsHealth DataU.S.

Post navigation

← Inside Forkbombo, the dreaded Kenyan cybercrime gang
First came the ransomware attacks, now come the lawsuits →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Breaches have consequences (sometimes)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity
  • Patient death at London hospital linked to cyber attack on NHS
  • ShinyHunters and team members arrested in France (2)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.