Columbia River Mental Health Services in Vancouver, Washington, has issued a press release about a breach that went undetected for approximately one year. From their press release:
Columbia River Mental Health Services (“CRMHS”) recently became aware of suspicious activity related to certain CRMHS email accounts. CRMHS immediately launched an investigation, with the assistance of third-party forensic specialists, to determine the nature and scope of the activity. CRMHS’ investigation determined that there was unauthorized access to certain email accounts from May 14, 2021 to April 8, 2022. CRMHS began reviewing the affected accounts to determine what, if any, sensitive information was contained within them. CRMHS is providing this information in an abundance of caution, as the investigation cannot confirm that information relating to specific individuals was actually accessed.
Unfortunately for their patients, the information in the email accounts may have included some people’s names, addresses, Social Security numbers, driver’s license numbers, financial account information, medical information, health insurance information, username and password, and date of birth.
You can read their full notice on their website.
CRMHS had issued a preliminary notice about this breach back in August and notified HHS at that time, but did not appear to have reported an exact number. Their entry on HHS’s breach tool still shows “501” as of today, but that will likely change at some point. The updated notice does not answer any of the questions DataBreaches posed about this incident other than what kinds of information were in the compromised email accounts.