Santa Rosa Behavioral Healthcare Hospital, a member of the Northern California Behavioral Health System (NCBHS), recently suffered a cyberattack that compromised patient data and disrupted several IT systems. The breach was identified on January 28, 2024, following suspicious activity detected within the hospital’s network. A forensic investigation revealed that unauthorized access occurred between January 27 and January 28, 2024, during which time files containing sensitive patient information were accessed or stolen.
The investigation confirmed that a range of personal and medical data was compromised. Exposed information included names, dates of birth, medical record numbers, details of services received, dates of services, treating physicians, and, in some cases, Social Security numbers and driver’s license numbers. Santa Rosa Behavioral Healthcare Hospital promptly notified affected patients, advising them to review statements from healthcare providers and insurers for any unauthorized services. Additionally, patients whose Social Security or driver’s license numbers were involved have been provided with complimentary identity theft protection services.
While the hospital has reported the incident to the appropriate regulators, it has yet to appear on the Office for Civil Rights breach portal, leaving the exact number of affected individuals unclear at this time. The hospital continues to work closely with cybersecurity experts to enhance its security measures and prevent future breaches. This incident underscores the growing threat of cyberattacks on healthcare institutions and the critical need for robust security protocols to protect sensitive patient information.
Santa Rosa Behavioral Healthcare Hospital remains dedicated to ensuring the privacy and security of its patients’ data. The hospital is taking comprehensive steps to address the breach and mitigate any potential harm. Affected individuals are encouraged to stay vigilant and report any suspicious activity related to their personal information.