Arisa Health, a major behavioral healthcare provider in Arkansas, recently experienced a data breach where sensitive personal and health information was accessed by an unauthorized third party. The breach occurred between March 1 and March 18, 2024, and Arisa Health began notifying affected individuals on July 19, 2024. The compromised data includes names, Social Security numbers, addresses, dates of birth, email addresses, driver’s license numbers, medical information, and health insurance details.
Arisa Health’s investigation revealed that the breach involved unauthorized access to its systems, potentially exposing the personal and health information of many individuals. The exposed data also included specific medical records, health history, and details related to substance abuse programs. This breach is particularly concerning given the sensitive nature of the information stored in Arisa Health’s systems, which could be misused if fallen into the wrong hands.
Arisa Health, based in Springdale, Arkansas, is a CARF-accredited organization formed by the merger of four leading behavioral health providers in the state. It operates over 40 locations and employs more than 1,000 people, offering a wide range of mental health and primary care services. The organization’s services include crisis intervention, therapy, case management, substance use counseling, and wellness exams, among others.
The organization is working to address the breach, advising those affected to remain vigilant for signs of fraud or unauthorized activity. Arisa Health has not offered identity theft protection services but has recommended steps individuals can take to protect their information, such as enabling multi-factor authentication and contacting their banks for additional security measures. The investigation into the breach is ongoing, with external experts involved to mitigate the potential impact.
Reference:
