San Juan Capistrano, Calif.-based Sunshine Behavioral Health began notifying an undisclosed number of patients that their information may have been accessible on the internet.
In September, the behavioral health group discovered that its cloud system was misconfigured, causing patient information to be made viewable online. The patients were from Monarch Shores, Chapters Capistrano, Willow Springs Recovery and Mountain Springs.
After discovering the misconfiguration, Sunshine Behavioral Health Group secured the patient data. In November, the group took steps to remove the records from being searchable online. There is no evidence that the misconfiguration was a malicious act or that any information has been misused.
Patient data that may have been exposed included names, demographic information, contact information, financial information, clinical information, health insurance information, claims, account balance information and electronic signatures. A limited number of Social Security numbers may have also been exposed.