Thousands of personal health information of two American Mental Healthcare providers exposed to Data Breach

personal health information American Mental Healthcare provider exposed Data Breach

Two mental healthcare providers in America have been exposed to a data breach that has compromised thousands of affected people’s personal health information (PHI). 

The first one is Horizon House, Inc., a mental healthcare provider located in Philadelphia, Pennsylvania. Last March 5, Horizon House discovered suspicious activity in their IT networks and revealed from the investigation that ransomware has infected their IT systems. The healthcare provider took in an advisory that over 27,000 people might have been affected by this cyberattack. 

Horizon House said in a security notice that their IT systems had been intruded on by unknown threat actors around March 2 to March 5 this year. Specific data was also exfiltrated from the mental healthcare provider’s systems following this attack. 

Upon reviewing the compromised files of the healthcare provider, they discovered that the anonymous threat actor had intruded into their systems. The compromised system contains people’s names, residential addresses, driver’s license numbers, social security numbers, state ID numbers, birthdays, financial data credentials, medical claims, record details and numbers, patient account numbers, medical treatment information and diagnoses, and health insurance details. 


Warnings were sent to affected clients following the data breach issue of the mental healthcare provider.


Due to this data breach problem, Horizon House sent notifications and advisories to the affected individuals to be cautious in case of any suspicious activities concerning all the mentioned leaked personal data. 

On the other hand, another mental healthcare provider, called the Samaritan Center of Puget Sound located in Seattle, Washington also published a data breach advisory following a theft issue. Computers and servers are stolen from their locked offices and other electronic equipment. The healthcare company is concerned about a brute-force attack against the stolen computer and server even though passwords protected them. 

The mental healthcare provider’s clients who have subscribed to their services before July 19 this year have had their information stored on the stolen server compromised. These include names, addresses, diagnoses, appointment dates, phone numbers, charting contents, check deposit copies, health insurance information, training videos, billing statements, and social security numbers. 

This data breach has affected over 20,000 people, according to the mental healthcare provider’s report to the HHS’ Office for Civil Rights. 

The clinical director of the mental healthcare provider said that the two institutions’ physical and electronic security had been tightened already to improve their safety against future data breaches. 

About the author


Leave a Reply