BayMark Health Services subject of a recent data breach

January 13, 2025
BayMark Health Services Data Breach North America SUD Treatment Rehabilitation Cyberattack

One of North America’s leading SUD treatment and rehabilitation services providers,​ BayMark Health Services, released an advisory about a data breach incident last year in which the hackers stole personal and health information.

The breach could significantly impact numerous individuals as this Texas-based organisation serves at least 75,000 patients daily. Its primary provision includes medication-assisted therapy (MAT) for substance use and mental health issues at over 400 service sites in 35 states and three Canadian provinces.

 

BayMark Health Services identified the malicious incident last October.

 

The BayMark Health Services rolled out data breach notification letters to the affected parties. The letters stated that the organisation discovered the unauthorised access on October 11, 2024, because of an IT system outage.

A follow-up assessment also found that the intruders entered the firm’s computers between September 24 and October 14. The firm assured the public that it immediately secured its systems, initiated an investigation, and notified the relevant law enforcement agencies about the attack.

The compromised company also revealed that the unauthorised individual accessed some of the files on their servers between September 24, 2024 and October 14, 2024. They also quickly deployed a separate team to examine and analyse the accessed files.

The researchers also revealed that the incident featured a variety of data for each affected patient, including their identities and social security numbers, driver’s license numbers, date of birth, services received and dates of service, insurance information, the treating provider, and as any therapy or diagnostic information.

BayMark is offering a year of free identity monitoring services to patients whose Social Security or driver’s license numbers may have been compromised in the incident.

As of now, the organisation has yet to reveal additional details about the data breach or address further inquiries.

On the other hand, the RansomHub ransomware gang claimed responsibility for the breach in October. These threat actors alleged it seized 1.5TB of material from Baymark’s infected servers.

Still, these allegations have yet to confirm the legitimacy of these claims by the company or other researchers investigating the incident.

About the author