HIPAA Breach Update

Posted 6/1/20
Updated 6/15/20
Updated 6/24/20
Updated 8/14/20
Updated 10/5/20

Click to read entire official notice (PDF download, updated 10/5/20)

The Department of Behavioral Health and Intellectual disAbility Services (“DBHIDS”) is posting this notice to alert individuals that their personal health information may have been compromised as a result of a cybersecurity attack. This incident may impact individuals served by DBHIDS or its business associate, Community Behavioral Health (“CBH”), which assists DBHIDS in administering the behavioral health Medicaid program (HealthChoices) for the Philadelphia region.

On March 31, 2020, DBHIDS learned that an employee’s email account had been compromised
as a result of a phishing attack. The Office of Innovation and Technology’s Information
Security Group (“OIT”) immediately secured the account and began an investigation.
Following this initial discovery, OIT discovered multiple additional DBHIDS and CBH accounts that were compromised as part of the attack. The password for each account was changed promptly upon discovery. OIT’s investigation is ongoing and additional DBHIDS and CBH accounts are being reviewed to determine whether they were also compromised. As of the date of this posting, the City’s investigation efforts have confirmed that additional DBHIDS and CBH accounts were subject to unauthorized access intermittently between March 31, 2020 and September 3, 2020. These attacks are believed to be connected to a series of malicious attacks targeting health care and social services agencies during the COVID-19 global pandemic.

Click to read entire official notice (PDF download, updated 8/14)

If you receive services or support through DBHIDS and have questions or concerns, you can call 1-888-858-1748 for more information. CBH members can call 1-888-545-2600 for more information.