Baker Places, Inc., a mental health service provider based in San Francisco, California, reported unauthorized access to an employee’s email account, detected around February 29, 2024. The incident prompted a password reset to prevent further unauthorized access. A forensic investigation revealed that an unauthorized third party had accessed the email account between February 12 and February 29, raising concerns about the sensitive information potentially acquired during this time.
On June 17, 2024, the company completed its account review, confirming that the protected health information of 971 individuals had been compromised. The exposed information varied widely among individuals and may have included names, Social Security numbers, driver’s license numbers, financial account details, and treatment or diagnosis information. Additionally, prescription information, medical record or patient ID numbers, health insurance details, treatment costs, and provider names were also at risk of exposure, highlighting the severity of the breach.
Despite the serious nature of the compromised data, Baker Places stated that it is unaware of any misuse of the exposed information. The organization believes that the risk of misuse is low, although it did not provide details on how this determination was reached. The lack of clarity regarding potential risks may leave affected individuals concerned about their personal information.
As a precautionary measure, Baker Places is offering complimentary credit monitoring and identity theft protection services to the individuals impacted by the breach. This proactive step aims to assist those affected in monitoring their financial information and mitigating any potential risks stemming from the unauthorized access. The company is likely to enhance its security measures and protocols to prevent future incidents, ensuring the protection of sensitive patient data moving forward.
Reference: