On April 25, 2024, Therapeutic Health Services (“THS”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that information in the company’s possession was subject to unauthorized access. However, because THS does not appear to have issued a press release or website notice describing the incident, it is unclear what data was leaked. Upon completing its investigation, THS began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Therapeutic Health Services, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Therapeutic Health Services data breach. For more information, please see our recent piece on the topic here.

What Caused the Therapeutic Health Services Data Breach?

The Therapeutic Health Services data breach was only recently announced, and more information is expected in the near future. Unfortunately, THS’ filing with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OIG”) provides only limited information on what led up to the breach.

According to this source, the THS data breach stemmed from a “Hacking / IT incident” involving a network server. However, while it is possible that hackers targeted THS’ computer network, that isn’t necessarily the case—it’s possible this was the result of a third-party data breach targeting one of the vendors to which THS provides information in relation to outsourced services.

Regardless, after learning that sensitive consumer data was accessible to an unauthorized party, Therapeutic Health Services reviewed the compromised files to determine what information was leaked and which consumers were impacted.

While the HHS-OIG notice does not provide a list of what data types were leaked, it likely involved, at the very least, consumers’ protected health information (“PHI”). This is because only data breaches affecting the PHI of more than 500 people need to be reported to the HHS-OIG.

On April 25, 2024, Therapeutic Health Services notified the HHS-OIG of the incident. Typically, this is around the time that companies send out data breach letters to anyone who was affected by the recent data security incident, explaining what information belonging to them was compromised. However, the timeline for the THS data breach could vary.

More Information About Therapeutic Health Services

Founded in 1972, Therapeutic Health Services is a healthcare services company based out of Seattle, Washington. THS provides a range of healthcare and mental healthcare services, including primary care services, substance use services, behavioral health services, and youth & family services. Therapeutic Health Services employs more than 304 people and generates approximately $17 million in annual revenue.