HIPAA Breach Update

Posted 6/1/20
Updated 6/15/20
Updated 6/24/20

Click to read entire official notice (PDF download)

The Department of Behavioral Health and Intellectual disAbility Services (“DBHIDS”) is posting this notice to alert individuals that their personal health information may have been compromised as a result of a cybersecurity attack. This incident may impact individuals served by DBHIDS or its business associate, Community Behavioral Health (“CBH”), which assists DBHIDS in administering the behavioral health Medicaid program (HealthChoices) for the Philadelphia region.

On March 31, 2020, DBHIDS learned that an employee’s email account had been compromised as a result of a phishing attack. The Office of Innovation and Technology’s Information Security Group (“OIT”) immediately secured the account and began an investigation. During April and May 2020, OIT discovered multiple additional DBHIDS and CBH accounts that were compromised as part of the attack. Each account was secured immediately upon discovery. OIT’s investigation is ongoing and additional DBHIDS and CBH accounts are being reviewed to determine whether they were also compromised. These attacks are believed to be connected to a series of malicious attacks targeting health care and social services agencies during the COVID-19 global pandemic.

To date, the investigation has been unable to confirm whether unauthorized persons have viewed any emails or attachments in the compromised accounts. The accounts contained demographic and health-related information of individuals receiving services and supports through DBHIDS and CBH, including: names, dates of birth, addresses, account and/or medical record numbers, Social Security numbers, health insurance information, clinical information such as diagnosis, dates of service, provider names, and description of services the individual has applied for or was receiving. For a limited number of individuals served by DBHIDS, the accounts also contained scans of birth certificates, driver’s licenses, and Social Security cards.

Click to read entire official notice (PDF download)

If you receive services or support through DBHIDS and have questions or concerns, you can call 1-888-858-1748 for more information. CBH members can call 1-888-545-2600 for more information.