DataBreaches.web has discovered two behavioral well being entities that reportedly or allegedly skilled current cyberattacks involving protected well being data of sufferers.
The first, Behavioral Health Partners of Metrowest (BHPMW), describes itself as a partnership that brings collectively main social providers and behavioral well being companies serving the Greater MetroWest area of Massachusetts. Together, they write, Family Continuity, Advocates, South Middlesex Opportunity Council (SMOC), Spectrum Health Systems, and Wayside Youth & Family Support Network present providers in psychological well being, substance use and habit, housing, and social assist for individuals of all ages.
Between September 14, 2021 and September 18, 2021, BHPMW’s methods was accessed by an unknown social gathering. The breach was first found on October 1, 2021. The forms of data concerned embody identify, Social Security Number, date of delivery, medical data, medical insurance data, and different data. The report back to the Maine Attorney General’s Office signifies that 11,288 individuals had been affected. Letters to these affected had been mailed on May 11,2022.
Allwell Behavioral Health Services is a personal, not-for-profit supplier of complete group psychological well being providers in Ohio. Data that seem like theirs has been leaked on a darkish internet leak website by people who declare to have 200 GB of Allwell’s recordsdata. The data listed on the leak website is April 4, 2022, however it isn’t clear whether or not that refers back to the date the system was attacked or the date the group was added to the leak website.
Inspection of a number of the recordsdata within the data leak reveal some personnel data in addition to sufferers’ protected well being data corresponding to identify, date of delivery, telephone quantity, prescription data, medical situations, and medical insurance data.
There is nothing on Allwell’s web site on the time of this publication, and Allwell has not responded to emailed inquiry despatched yesterday by the point of this publication. The leak website doesn’t appear to have posted any contact data for the weblog itself that may allow DataBreaches to ask it some questions concerning the claimed incident.