Top of the World Ranch Treatment Center in Illinois has disclosed that a November 17 compromise of a business email account resulted in protected health information being accessible to an attacker. The attack was detected quickly and shut down within hours, and the treatment center’s investigation could not determine if any data was exfiltrated during that brief time.
Information in the account included names, social security numbers, diagnosis and treatment information, provider names, patient identification numbers, and health insurance information.
In their press release, Top of the World Ranch Treatment Center, which provides detox and addiction treatment programs, does not indicate how many patients were notified.
This incident does not appear to be noted on their website and does not yet appear on HHS’s public breach tool.