DATELINE: Springfield, Missouri – September 2, 2016 – Burrell Behavioral Health today announced a cyber attack on its computer network. On July 7, 2016, it discovered that an individual or individuals gained access to the email account of an employee of Burrell Behavioral Health. Burrell Behavioral Health immediately took steps to secure the email account and launched an investigation to determine whether any sensitive information was accessed or acquired. Burrell Behavioral Health, with the help of computer forensic investigators, determined that the unauthorized access to the email account in question potentially occurred from July 6, 2016 to July 7, 2016. While Burrell Behavioral Health has no evidence that the individual or individuals accessed or acquired protected health information from the employee’s email account, access to the information could not be ruled out.
“We take any threat to the security of information entrusted to us very seriously,” said Dr. Todd Schaible, President and CEO of Burrell Behavioral Health. “Once the attack was discovered, we immediately took counter measures and also hired nationally-renowned computer forensic investigators to determine exactly what happened and what information was at risk.” Dr. Schaible added, “We apologize for any inconvenience or concern this incident may cause our community.”
Information Compromised
While Burrell Behavioral Health has no evidence that the individual or individuals accessed or acquired protected health information from the employee’s email account, it has confirmed that certain clients’ names, addresses, dates of birth, Social Security numbers, doctor’s names, diagnoses, disability code, health insurance number, treatments, treatment locations and medical record numbers may have been contained in the employee’s email account. The information at risk varies for each individual.
Notification
Burrell Behavioral Health has established a dedicated assistance line for anyone seeking additional information regarding this incident, as well as steps to better protect against identity theft. The call center can be reached at 1-877-309-9838, Monday – Friday, 8 a.m. – 5 p.m. CST, excluding major holidays. In addition, Burrell Behavioral Health will be mailing letters directly to clients potentially affected by this incident.
Identity Protection Services
While Burrell Behavioral Health is unaware of any actual or attempted misuse of client personal information, it is offering those individuals potentially affected by this incident access to one year of complimentary credit monitoring and identity restoration services with Kroll, a global leader in risk mitigation and response. If you believe you are affected and would like to enroll in credit monitoring, please call 1-877-309-9838, Monday – Friday, 8 a.m. – 5 p.m. CST, excluding major holidays.
For the full notification, see their web site. The number affected was not disclosed, and the incident does not (yet?) appear on HHS’s public breach tool.
Update: It was reported to HHS as impacting 7,748.