Hackers breached the Community Counseling of Bristol County (CCBC) last year, taking sensitive health information from an organization dealing primarily with mental health and substance abuse patients.
Few data points are more private than details concerning your mental health. However, patients of CCBC, a Massachusetts-based behavioral health center that provides mental health and substance use disorder treatment, prevention, and recovery services, had their details stolen.
According to a breach notification letter, attackers breached the clinic in late May 2024. Intruders roamed CBCC’s systems for two days, where “certain files containing protected health information and/or personally identifiable information were stored.”
Worryingly, impacted individuals were notified about the breach only a year after the attack. Whoever accessed CBCC’s details had ample time to utilize it for their purposes. Information the company submitted to the Maine Attorney General’s Office shows that nearly 46,000 people were impacted by the attack.
Exposing personal identifiable information (PII) and health information, especially for individuals dealing with mental health and substance abuse issues, poses severe privacy risks. Threat actors, at least in theory, could use stolen details for identity theft, insurance fraud, and targeted phishing attacks.
CBCC said it will provide individuals impacted by the data breach with complimentary identity protection and credit monitoring services. The clinic also advised to review and monitor financial account statements and credit reports.
The clinic operates six locations in Southern Massachusetts.
Your email address will not be published. Required fields are markedmarked