BayMark Health Services says cyber attack compromised staff and patients' data

Texas-based opioid treatment centre, BayMark Health Services, said it experienced a significant data security incident between September and October that compromised the sensitive personal information of its patients and staff.

 

Headquartered in Lewisville,Texas, BayMark Health Services is one of the leading providers of evidence-based opioid use disorder treatment services in North America.

 

In a data security incident notice filed with several Attorney General’s Offices, including California and Vermont, BayMark said that on October 11, it identified suspicious activities in its internal network that caused service disruptions. The healthcare provider immediately launched an investigation, with assistance from eternal cyber security experts, to determine the nature and scope of the incident.

 

BayMark also took steps to contain the incident and notified relevant law enforcement authorities about the incident.

 

“Our investigation determined that an unauthorised party accessed some of the files on BayMark’s systems between September 24, 2024 and October 14, 2024,” BayMark said.

 

It said the compromised data included names, Social Security numbers, driver’s license numbers, dates of birth, services received, dates of service, insurance information, treating provider, and treatment and/or diagnostic information.

 

“To help prevent something like this from happening again, we have implemented additional safeguards and technical security measures to further protect and monitor our systems,” the medical centre added.

 

The healthcare provider has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through Equifax Complete Premier to all affected individuals.

 

In October, the Ransomhub ransomware group claimed responsibility for the cyber attack on BayMark and listed it as a victim on its data leak site. The group claimed to be in possession of  1.5 TB of confidential data stolen from BayMark and gave a deadline of 36 days for the healthcare provider to fulfill its ransom demand. It is unclear whether the healthcare provider engaged with the hacker group or paid a ransom.