Bloom Health Centers, a mental health service provider operating under Psych Associates of Maryland LLC, disclosed a data security incident involving the personal and protected health information of clinicians and patients. This breach, affecting 1,545 patients, was announced on September 11, 2023.
It’s worth noting that some patients receiving treatment from Bloom Health doctors at Dominion Hospital or initially seen at acquired companies like Psych Associates of Maryland may also be impacted.
The security incident was first noticed on July 5, 2023, when Bloom Health identified suspicious activity in its email environment. An ensuing investigation revealed that certain files within a clinician’s mailbox might have been accessed without authorization around June 23, 2023. Subsequently, the attacker gained access to the associated OneDrive.
Although there is currently no evidence of misuse or attempted misuse of this information, the compromised account potentially contained sensitive data, including names, addresses, phone numbers, email addresses, diagnosis and medication details, health insurance information, and, for a limited number of individuals, Social Security numbers.
Bloom Health Centers promptly notified the Department of Health and Human Services (HHS) of the incident on September 1, 2023. The breach highlights the ongoing challenges faced by healthcare organizations in safeguarding patient data and the need for robust cybersecurity measures to protect sensitive health information.