Hacking of Bangor Behavioral Health Center Potentially Exposes Details of Around 4000 Patients

Media Division | April 25, 2017

Health organizations continue to be some of the largest targets for barrages of cyber attacks.  Being that they hold such large amounts of privileged and sensitive data, hackers are always looking for ways to purloin this information.  It can be used for several different malicious purposes, such selling it among the dark web or using it to commit fraud.  There has been a multitude of healthcare organizations that have been struck by cyber attacks this year alone, and they will not be stopping anytime soon.  Yet another institution called Behavioral Health Center (BHC) in Bangor, Maine was the victim of a cyber attack last month.  This attack appears to have compromised around 4,000 patient’s private information.

According to reports, the center had become aware of the breach through Databreaches.net, which is a website that follows and reports data breaches.  The site had reported that there was an ad placed on the dark web offering to sell the information for $10,000.  The seller was claiming that the information included names, addresses, medical histories such as therapy sessions and psychiatric evaluations, as well as Social Security numbers.  The seller seemed to indicate that the information went as far back as 2007.  Eventually, the seller had changed the post to be labeled sold.  The seller provided a redacted sample of the information, which allowed DataBreaches.net to identify that the files were from Behavioral Health Center.  Earlier reports had stated that the breach included around 3,000-3,500 patients, but the latest information seems to indicate around 4,000.

How BHC Addressed the Breach

Upon being notified of the breach, BHC immediately took steps to address the incident, by first starting an investigation.  Reports have stated that they were unable to discover how the attacker had breached their systems, as well as whether the claims of the seller were truthful.  They immediately locked access to their patient records, and have since notified the appropriate government agencies, as well as fortified their cyber security.  David Farmer, a spokesman for BHC has said that some of the clients were in files which were vulnerable, but that there does not appear to be any evidence of access. They are also providing 12 months of a credit monitoring service to those potentially affected by the breach. A large issue in the world of cyber security is that many organizations do not put enough attention or focus on data breaches, but it appears that this is not the case with the incident at BHC.

Addressing Data Breaches with Cyber Investigation Services

A data breach can factually destroy an organization if it is not properly mitigated and addressed.  When a perpetrator is able to compromise a system or network, the organization needs to be able to discover the security hole that allowed the breach to occur, as well as trace the source.  Discovering the hole allows them to immediately rectify the vulnerability, and tracing the source allows them to pursue further action against the threat, such as legal retaliation.  Proper investigation and remediation of a breach can allow an organization to recover from it, and eliminate the possibility of a repeat of the same situation.  It is critical that organizations are able to do this not only for themselves but also to show their clientele and customers that they are dedicated to repairing the situation.  Massive Alliance’s cyber investigation services help an organization to handle cyber security incidents and eliminate the threat.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.