Substance Use Treatment Giant BayMark Reports Patient Data Breach

One of the largest substance use disorder (SUD) treatment providers in the U.S. announced patients’ records were exposed during a data breach last fall.

BayMark Health Services, which treats over 70,000 patients daily, announced on Friday that an “unauthorized party” disrupted the company’s IT systems and accessed files containing patients’ personal and medical data.

The leaked data varies from patient to patient but includes patient diagnoses, treatment information and specific services rendered. It also includes Social Security numbers, driver’s license numbers, insurance information, provider data, birthdays and dates of service.

Advertisement

The company is offering identity monitoring services for patients whose Social Security or driver’s license numbers were involved.

“We remain committed to protecting the confidentiality and security of patient information and apologize for the concern this may cause,” a statement from the company read. “We take this matter very seriously. To help prevent something like this from happening again, we have implemented additional safeguards and technical security measures to further protect and monitor our systems.”

BayMark declined Behavioral Health Business’s request for comment.

Advertisement

The Lewisville, Texas-based company first learned of the data breach on October 11, 2024, according to the company statement. An investigation conducted with the aid of third-party forensic experts concluded that the breach occurred between September 24 and October 14.

BayMark operates 383 treatment programs across 35 U.S. states and three Canadian provinces. Its offerings include residential treatment, opioid treatment programs (OTPs), inpatient and outpatient detoxification treatment services and outpatient medication-assisted treatment.

The leak comes less than a year after the Change Healthcare cyberattack that impacted 100 million people. The cyberattack substantially impacted Change’s owner UnitedHealth Group (NYSE: UNH). In July, UnitedHealth stated that the cyberattack led to $0.60 to $0.70 in per-share disruption.

In a document regarding the Change cyberattack, the U.S. Department of Health and Human Services stated in March 2024 that large hacking breaches had increased by 256% over the last five years.

Companies featured in this article: