Over 170,000 patients affected in Deer Oaks breach


Deer Oaks, a Texas-based mental healthcare provider, reported a data breach exposing the personal information of thousands of its patients, including Social Security numbers and diagnosis codes.

The company said it became aware of “potential unauthorized activity” within its computer network on September 1st and took steps to mitigate the damage.

“The unauthorized activity was immediately detected and isolated by Sophos antivirus software limiting the incident to a one segment of Deer Oaks network,” the company said in a notice report filed with the Maine Attorney General.

ADVERTISEMENT

It said it engaged a specialized incident response vendor to secure its network and conduct a forensic investigation. Further examination revealed that the incident affected 171,871 individuals in total.

Personal information such as Social Security numbers, diagnosis codes, and treatment service types may have been accessed or acquired by unauthorized parties, Deer Oaks said in a notice.

Insurance information, names, addresses, and dates of birth were also exposed, with specific data that was impacted varying per individual.

“As of this writing, Deer Oaks has not received any reports of related identity theft, since the date of the incident to the present,” the company told its customers in a notice filed on October 31st.

In response to the breach, Deer Oaks said it was offering potentially affected individuals 12 months of complimentary credit monitoring and identity theft restoration services through IDX, the data breach and recovery services firm.

“Deer Oaks is committed to ensuring the security and privacy of all personal information within its control, and is taking steps to prevent a similar incident from occurring in the future,” it said.

Deer Oaks provides psychological and psychiatric services to residents of long-term care and assisted living facilities. According to the company, it works with over 1,500 partner facilities across the US.

ADVERTISEMENT