On December 17, 2024, Positive Behavior Supports Corporation (PBS), a provider of Applied Behavior Analysis (ABA) therapy, filed a data breach notice with the Texas Attorney General, revealing a security incident involving unauthorized access to its IT network. The breach occurred between August 13 and November 27, 2024, when an unauthorized party accessed sensitive client data. The company has since launched an investigation into the incident and is working with cybersecurity experts to minimize the impact and secure its network.
The compromised data includes a range of sensitive personal information, such as clients’ names, addresses, phone numbers, Social Security numbers, health insurance details, and diagnostic codes. PBS clarified that although the breach was significant, there is currently no evidence that the exposed data has been publicly disclosed or misused. The company’s prompt action to secure its network helped mitigate the potential risks, and the breach was confirmed after an internal review of the compromised files.
Upon discovering the breach, PBS sent out data breach notification letters to all affected individuals. These letters outlined the specific types of personal information that had been compromised and offered further guidance on steps individuals can take to protect themselves from potential identity theft or fraud. Additionally, PBS is providing identity protection services to those affected, helping to monitor any misuse of their personal data.
Positive Behavior Supports Corporation, which offers ABA therapy services across the U.S. and Canada, has more than 700 employees and an estimated annual revenue of $350 million. The company is committed to maintaining the privacy and security of its clients’ information and has taken steps to prevent future incidents. The breach has raised concerns about the security of sensitive client data in the healthcare industry, underscoring the importance of robust cybersecurity measures in protecting personal health information.
Reference:
