Data Breach at Behavioral Health Network Exposes Info of Nearly 130K Patients

A malware attack at a Massachusetts behavioral health provider might have exposed the protected health information of nearly 130,000 patients.

It happened at Springfield, Massachusetts-based Behavioral Health Network (BHN) in late May, the provider said in a recent release notifying patients of the potential data breach.

BHN is one of the largest behavioral health providers in western Massachusetts, with about 40 locations across the region. It offers a range of comprehensive services to adults, children and families, serving a total of about 40,000 patients per year.


BHN officials noticed their systems had been infected with a malware virus on May 28 and immediately enlisted third-party IT and forensic investigators to look into the incident, according to a privacy notice released by BHN. 

The investigation, which concluded July 17, showed that an unauthorized entity gained access to some BHN systems between May 26 and May 28. While patient data such as Social Security numbers and other sensitive information could have been stolen as a result of the breach, the provider says it has yet to receive any reports of actual or attempted misuse of patient information.

The malware attack impacted 129,571 people, BHN reported to HHS. The behavioral health provider has offered those patients credit monitoring and identity protection services, in addition to training employees with new security measures and taking other protective actions.