Mt. Carmel Behavioral Healthcare suffers data breach, exposing sensitive patient information

Mt. Carmel Behavioral Healthcare (MCBH), a behavioral health services provider based out of Columbus, Ohio, has reported a data breach affecting sensitive patient information, following unauthorized access to an employee’s email account. The breach announced to the U.S. Department of Health and Human Services Office for Civil Rights may have exposed various personal data, including names, Social Security numbers, dates of birth, addresses, medical record numbers, patient account numbers, health insurance information, and medical details.

MCBH first detected the incident on June 12, 2024, when it learned that an unauthorized party had accessed an employee’s email account. With the help of third-party cybersecurity experts, the company investigated the breach and confirmed that the unauthorized access occurred between June 11 and June 12, 2024. The exposed email account contained sensitive patient data in both emails and attachments.

In response to the breach, MCBH swiftly secured the compromised account and conducted a review to determine which patients were affected and what specific information was exposed. Following this investigation, MCBH notified impacted individuals via data breach letters sent between August 9 and August 30, 2024. These letters detail the compromised information for each recipient and guide the next steps.

Exposing sensitive personal and medical information to patients impacted by the breach raises concerns over potential identity theft and fraud. Legal experts recommend that those affected take immediate steps to protect themselves, such as monitoring financial accounts and credit reports and consulting with data breach attorneys to discuss legal options for protection and potential recourse.

MCBH, headquartered in Columbus, Ohio, specializes in behavioral health services, offering treatment for a wide range of conditions, including anxiety, depression, PTSD, and substance use disorders. With an annual revenue of approximately $73 million, the healthcare provider serves a significant patient base through inpatient and outpatient programs.