Behavioral Health Partners of MetroWest LLC Announces Data Breach

Richard Console, Jr.
Console and Associates, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

Recently, Behavioral Health Partners of MetroWest LLC (“BHPMW”) confirmed that the company experienced a data breach affecting the personal and sensitive information of 11,288 individuals. According to the BHPMW, the breach resulted in the following information being compromised: names, addresses, Social Security numbers, dates of birth, client identification number, health insurance information, and medical diagnosis or treatment information. On or around May 12, 2022, BHPMW filed official notice of the breach and sent out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Behavioral Health Partners data breach, please see our recent piece on the topic here.

What We Know About the BHPMW Data Breach

According to the notice posted on the company’s website, on October 1, 2021, Behavioral Health Partners of MetroWest learned that an unauthorized party copied data from its computer system. In response, BHPMW secured its network and enlisted the assistance of a cybersecurity firm to investigate the incident and whether any consumer data was leaked as a result. The company’s investigation confirmed that an unknown and unauthorized party accessed and obtained data from a network storing BHPMW data between September 14, 2021 and September 18, 2021.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, Behavioral Health Partners then reviewed the affected files to determine exactly what information was compromised. While the breached information varies depending on the individual, it may include your name, address, Social Security number, date of birth, client identification number, health insurance information, and medical diagnosis or treatment information. It is reported that as many as 11,288 individuals were affected by the BHPMW data breach.

On or about May 12, 2022, Behavioral Health Partners sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Behavioral Health Partners of MetroWest LLC

Behavioral Health Partners of MetroWest LLC is a partnership between four social services and behavioral health agencies, all of which serve the Greater MetroWest region of Massachusetts. These four agencies are Advocates, South Middlesex Opportunity Council (SMOC), Spectrum Health Systems, and Wayside Youth & Family Support Network. Together, these agencies provide mental health, substance use and addiction, housing, and social support for individuals of all ages.

Steps to Take After a Data Breach Involving Protected Health Information

As noted above, the BHPMW breach resulted in an unauthorized party accessing and downloading certain healthcare-related information. Data breaches involving protected health information are especially concerning, and those who receive a data breach letter from Behavioral Health Partners of MetroWest should ensure they take the necessary steps to protect themselves.

According to the U.S. Department of Health and Human Services, protected health information is defined as information that identifies the individual or may be used to identify the individual and relates to:

  • A person’s past, present or future physical or mental health or condition,

  • The provision of health care to a person, or

  • The past, present, or future payment for the provision of health care to a person.

Data breaches involving protected health information raise different concerns from those that leak other types of data. In fact, the credit reporting agency, Experian, reports that the average cost to resolve a healthcare data breach is approximately $13,500, whereas the average cost to undo the damage of a traditional data breach is roughly $1,300.

Primarily, the threat of a healthcare data breach is that someone uses your information to obtain medical treatment under your name. This raises a few concerns. First, it can result in you getting billed for medical procedures you never had performed. Second, and more importantly, your medical record may contain incorrect information that was provided by the criminal who stole your identity and obtained treatment in your name.

Given this reality, it is imperative for data breach victims who had their protected health information compromised to take certain steps to protect themselves. This involves retaining documentation of the breach, obtaining and reviewing your medical records, and rectifying any errors immediately. Those with additional questions about the steps to take after a data breach involving protected health information should reach out to an experienced data breach lawyer.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Console and Associates, P.C.
Contact
more
less

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide