BayMark Health Services has confirmed that patient data and health information was breached as part of a cyber attack that took place in September 2024.
The healthcare service provider became aware of the cyber incident on October 11, 2024 as operations and IT systems were disrupted. A statement confirms that the team took steps to secure the system where possible and worked with third party forensic experts to carry out a thorough investigation.
The investigation revealed an unauthorized user accessed Baymark files between September 24th and October 14th 2024.
Those affected have been notified via a letter sent to their home address, BayMark has confirmed.
According to BayMark, the compromised files information varied per patient but could have included ‘patient names and one or more of the following: Social Security number, driver’s license number, date of birth, services received, dates of service, insurance information, treating provider, and treatment and/or diagnostic information.’
Baymark is North America's largest provider of substance use disorder (SUD) treatment as well as offering recovery services. The sensitivity of this health data makes it of incredibly high value to cybercriminals.
Confidential information can be sold by hackers quickly - and for a high price, or companies can be extorted for its safe return. Stolen information can also be ideal for stealing money through tactics like fraudulent billing.
What to do if you’ve been impacted by the BayMark Data Breach?
Having highly personal data compromised can be extremely distressing. If your information has been leaked Baymark will have notified you directly through a letter sent to your home address.
The Baymark team has set up a call center to answer questions about the data breach and address concerns. This phone line is available by calling 855-295-0995. Baymark is also offering a complimentary identity monitoring service to patients.
Read: McLaren Health Care Cyber Attack Puts Patient Data at Risk
Be aware that your information being compromised can make you a target for social engineering and phishing scams. These scams involve impersonating trusted organizations or individuals using information they already have about you as a result of the leak to convince you to hand over money or further details. Be skeptical of anyone asking you for information.
Update all passwords and enable multi-factor authentication on as many accounts as possible, especially social media accounts as well as banking and email.
Make sure you also keep a close eye on your bank and credit card statements for any unusual activity and report any suspicious transactions immediately and consider freezing your cards and credit.
Organizations must make sure to keep up with the latest trends and best practices in cybersecurity to prevent similar data breaches impacting their clients, customers and staff.
