DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

WA: Columbia River Mental Health Services issues preliminary media notice of a breach

Posted on August 21, 2022 by Dissent

On August 8, Columbia River Mental Health Services (“CRMHS”) in Washington State notified HHS about a data security breach involving some employee email accounts.

A press release about the incident claims that CRMHS recently became aware of suspicious activity related to email accounts. They do not state exactly what they mean by “recently.”

An investigation revealed that there had been unauthorized access to some email accounts from May 14, 2021 to April 8, 2022.

CRMHS claims that on July 6, they became aware that protected health information was involved, and that they would be providing notice “in an abundance of caution” when their investigation concludes because the investigation could not confirm that information relating to specific individuals was actually accessed.

As of August 8 when their press release was issued, CRMHS had not yet begun mailing notification letters, and did not even seem to know exactly how many patients they were notifying, reporting the incident to HHS as affecting 501 patients, which is usually a marker for more than 500 but exact amount as yet unknown.

The full press release can be found at PRNewswire.

There seems to be a number of problems that HHS should investigate about this incident, including:

  1. Why did it take from May 2021 until April 2022 to discover a breach?
  2. HOW did they first discover or learn of the breach?
  3. Notification was required no later than 60 days after discovery or when discovery would be reasonable. Assuming for now that CRMHS learned in April or thereabouts, then notification was to HHS and patients was due in June, not August 8 or later.
  4. The notice does not indicate what kinds of information were in the affected employee accounts.

There will likely be updates to this one at some point.

Related Posts:

  • WA: Columbia River Mental Health Services discloses…
  • Simon Eye notifies more than 144,000 patients after…
  • WV: Prestera Mental Health Center reports an…
  • UC San Diego Health announces data breach impacting…
  • Scott County, Iowa discloses data security incident

Post navigation

← Patchwork of US State Regulations Becomes More Complex as Florida, North Carolina Ban Ransomware Payments
Chinese adult site leaking 14 million user details — and it’s increasing?! →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • AlphV claims they have started contacting some of Tipalti’s clients (1)
  • Research: Privacy as Pretense: Empirically Mapping the Gap Between Legislative & Judicial Protections of Privacy
  • What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US.
  • On September 2nd, the U.S. branch of Great Star Industrial Co. disbursed a ransom of 1 million dollars to a ransomware group
  • Former Public School Information Technology Manager Charged with Damaging School’s Computer Network
  • Sellafield nuclear site hacked by groups linked to Russia and China
  • Hackers steal IDF patient records from cyberattack on Israeli hospital (corrected)
  • AlphV claims an attack before even alerting the victim. How will that work out for them? (1)

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net