Notice of Data Privacy Incident
Behavioral Health Network, Inc. (“BHN”) is providing notice of a recent incident that may affect the security of information for current and former individuals served by BHN. The confidentiality, privacy, and security of information in BHN’s care is one of its highest priorities and BHN takes this incident very seriously. To date, BHN has not received any reports of actual or attempted misuse of your information.
What Happened? The cybercrime industry is an ever growing and changing threat to organizations of all sizes and industries. Like Facebook, Twitter, and countless other organizations, BHN is not immune from these types of incidents. On May 28, 2020, certain BHN systems became infected with a virus that prohibited access to its files. Upon discovery, BHN immediately commenced an investigation, which included working with third-party IT and forensic investigators, to determine the full nature and scope of the incident and to secure the BHN network. Through this investigation, BHN determined that an unauthorized actor had placed malware within the BHN environment that disrupted the operation of certain BHN systems. On or about July 16, 2020, BHN’s investigation further determined that the unauthorized actor had gained access to certain BHN systems between May 26, 2020 and May 28, 2020. As a result, the unauthorized actor may have had access to certain files within these systems.
What Information Was Involved? While the investigation was able to determine these BHN systems were accessed, it was unable to determine whether any specific file containing sensitive information was actually accessed or acquired by the unauthorized actor. Therefore, in an abundance of caution, BHN is notifying all current and former individuals served of this incident because the following types of information were present in the affected systems: name, address, date of birth, Social Security number, medical/diagnosis/treatment information, and/or health insurance claim information.
What Are We Doing? Upon discovering this incident, BHN immediately launched an investigation and took steps to secure its systems and determine what personal data was at risk. BHN is individually notifying the potentially affected individuals and as an added precaution, providing individuals with access to complimentary credit monitoring and identity protection services. As part of BHN’s ongoing commitment to the security of information in its care, BHN is working to review existing policies and procedures, to implement additional safeguards, and to provide additional training to BHN employees on data privacy and security. BHN will also be notifying state and federal regulators, as required.
For More Information. You may have questions about this incident that are not addressed in this letter. If you have additional questions and are impacted by this incident, please call BHN’s dedicated assistance line at 844-930-2836 between the hours of 8:00am and 5:30pm Central Time, Monday through Friday, excluding major U.S. holidays. You may also write to BHN at 417 Liberty Street, Springfield, MA 01104.
What Can You Do. BHN sincerely regrets any inconvenience this incident may have caused individuals BHN has served in relation to this matter. BHN encourages you to remain vigilant against incidents of identity theft and fraud, to review your Explanation of Benefits and account statements, and to monitor your credit reports for suspicious activity. Under U.S. law you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.
You have the right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit,
mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. Should you wish to place a security freeze, please contact the major consumer reporting agencies listed below:
P.O. Box 9554 Allen, TX 75013
P.O. Box 160 Woodlyn, PA 19094 1-888-909-8872
P.O. Box 105788 Atlanta, GA 30348-5788
In order to request a security freeze, you will need to provide the following information:
- Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
- Social Security number;
- Date of birth;
- If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years;
- Proof of current address, such as a current utility bill or telephone bill;
- A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.);
- If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft.
As an alternative to a security freeze, you have the right to place an initial or extended “fraud alert” on your file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the agencies listed below:
P.O. Box 9554 Allen, TX 75013
P.O. Box 2000 Chester, PA 19016
P.O. Box 105069 Atlanta, GA 30348
You can further educate yourself regarding identity theft, fraud alerts, security freezes, and the steps you can take to protect yourself by contacting the consumer reporting agencies, the Federal Trade Commission, or your state Attorney General.
The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General. This notice has not been delayed by law enforcement.