Major North American substance use disorder and mental health disorder treatment provider BayMark Health Services has alerted patients of the compromise of their personal and health information following a September cyberattack previously admitted by the RansomHub ransomware-as-a-service operation, BleepingComputer reports.
Threat actors who infiltrated BayMark's systems from Sep. 24 to Oct. 14 were able to steal individuals' names, birthdates, Social Security numbers, driver's license numbers, insurance details, received services, service dates, and treatment and diagnostic information, said BayMark in breach notices that did not specify the number of people affected by the incident. Such a development comes after RansomHub — which previously exposed Change Healthcare data and targeted Rite Aid and Halliburton, among others — admitted to having exfiltrated 1.5 TB of files from BayMark, which were since posted on their leak site. Increasingly severe data breaches in the healthcare sector have also prompted the Department of Health and Human Services to propose the inclusion of more stringent health data protections under the Health Insurance Portability and Accountability Act.
