- Oct 2, 2011
- 1,562
American Addiction Centers (AAC), a for-profit addiction treatment chain, has suffered a cybersecurity incident exposing the personal records of 422,424 people.
The breached data may include names, addresses, phone numbers, dates of birth, medical record numbers, and other identifiers, according to the company's notification letter sent to those affected.
Social security numbers and health insurance information may also have been exposed, but not patients' treatment information or payment card data, ACC said.
The Brentwood, Tennessee-based company discovered a cybersecurity incident "on or around" September 26 of this year and said it launched an investigation immediately. It notified law enforcement and engaged third-party cybersecurity experts for assistance.
The investigation determined that an “unauthorized party” had taken some data from AAC’s systems between September 23rd and September 26th.
“A thorough review of the impacted data was conducted to identify what information was involved and the individuals to whom the data related,” the company told its clients. It added it was not aware “at this time” of any identity theft or fraud related to the incident.
The breach affected clients of AAC and its affiliated providers, including AdCare, the Greenhouse, Desert Hope Center, Oxford Treatment Center, Recovery First, Sunrise House, River Oaks Treatment Center, and Laguna Treatment Hospital.
A number of healthcare providers have been targeted in a series of cybersecurity incidents recently. A data breach against Regional Care, which took place in mid-September and reported earlier this month, affected 225,000 people.
The Center for Vein Restoration (CVR), a Maryland-headquartered clinic, suffered a major data breach that affected 446K individuals, while an attack on the Massachusetts-based Anna Jaques Hospital (AJH) exposed over 316,000 people.
Attackers target healthcare organizations for two primary reasons: they’re often poorly protected, and the data they keep is extremely valuable. For example, attackers can utilize leaked details for health identity fraud, enabling malicious actors to obtain prescription medication.
The breached data may include names, addresses, phone numbers, dates of birth, medical record numbers, and other identifiers, according to the company's notification letter sent to those affected.
Social security numbers and health insurance information may also have been exposed, but not patients' treatment information or payment card data, ACC said.
The Brentwood, Tennessee-based company discovered a cybersecurity incident "on or around" September 26 of this year and said it launched an investigation immediately. It notified law enforcement and engaged third-party cybersecurity experts for assistance.
The investigation determined that an “unauthorized party” had taken some data from AAC’s systems between September 23rd and September 26th.
“A thorough review of the impacted data was conducted to identify what information was involved and the individuals to whom the data related,” the company told its clients. It added it was not aware “at this time” of any identity theft or fraud related to the incident.
The breach affected clients of AAC and its affiliated providers, including AdCare, the Greenhouse, Desert Hope Center, Oxford Treatment Center, Recovery First, Sunrise House, River Oaks Treatment Center, and Laguna Treatment Hospital.
A number of healthcare providers have been targeted in a series of cybersecurity incidents recently. A data breach against Regional Care, which took place in mid-September and reported earlier this month, affected 225,000 people.
The Center for Vein Restoration (CVR), a Maryland-headquartered clinic, suffered a major data breach that affected 446K individuals, while an attack on the Massachusetts-based Anna Jaques Hospital (AJH) exposed over 316,000 people.
Attackers target healthcare organizations for two primary reasons: they’re often poorly protected, and the data they keep is extremely valuable. For example, attackers can utilize leaked details for health identity fraud, enabling malicious actors to obtain prescription medication.
