
Rhode Island-based healthcare non-profit, CODAC Behavioral Health, said the data security incident it suffered last year compromised the sensitive personal information of its patients.
Headquartered in Cranston, Rhode Island, CODAC Behavioral Health is one of the largest and oldest not-for-profit providers of treatment for opioid use disorder in the state. With seven locations in and around the state, the healthcare provider caters to more than 10,000 individuals every year.
In a data security incident notice posted on its website, CODAC said that on July 24, it identified suspicious activity in its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.
“The investigation revealed that certain information was accessed and copied without authorisation. CODAC is notifying impacted individuals and providing information and resources to help protect individuals’ personal information,” reads the notice.
The compromised information included names, dates of birth, medical diagnosis and treatment information, health insurance information, medical record numbers, dates of service, and Social Security numbers. CODAC is yet to share details on the number of affected individuals.
“As part of its ongoing commitment to the security of information, CODAC is reviewing and enhancing its existing policies and procedures related to data privacy to reduce the likelihood of a similar future event,” the healthcare provider added.
CODAC has advised all affected individuals to regularly monitor their credit reports and their account and benefit statements, and to report any suspicious activity to law enforcement authorities, including the police and the state attorney general.
It has also offered two years of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.
In August, the Qilin ransomware group claimed responsibility for the cyber attack on CODAC and listed it as a victim on its data leak site. The group claimed to be in possession of confidential data stolen from the treatment centre and threatened to leak it unless a ransom was paid.