In September, the behavioral health group discovered that its cloud system was misconfigured, causing patient information to be made viewable online. The patients were from Monarch Shores, Chapters Capistrano, Willow Springs Recovery and Mountain Springs.
After discovering the misconfiguration, Sunshine Behavioral Health Group secured the patient data. In November, the group took steps to remove the records from being searchable online. There is no evidence that the misconfiguration was a malicious act or that any information has been misused.
Patient data that may have been exposed included names, demographic information, contact information, financial information, clinical information, health insurance information, claims, account balance information and electronic signatures. A limited number of Social Security numbers may have also been exposed.
More articles on cybersecurity:
Texas provider alerts 6,500 patients of phishing attack
Connecticut payer alerts 1,100 members of phishing attack
10 tips for hospitals to mitigate ransomware attacks
