Advisory 7-8-22
Carolina Behavioral Health Alliance, LLC Confirms Data Breach Following Ransomware Attack
Carolina Behavioral Health Alliance, LLC Confirms Data Breach Following Ransomware Attack
ANALYST NOTES: State-sponsored actors (prob. DPRK) are deploying the unique malware. It is unknown if MAUI ransomware was used for the CBHA compromise. Coverage of the CBHA network includes the Fort Bragg area. Potentially members seeking treatment could have their mental health "metadata" is paired with OPM (or like) information. It is unclear at this time if digitally created patient notes are effected.
Historically DPRK actors focus highly on Revenue generation (REVGEN) - but this could be a more focused effort on collecting psychological profiles of possible DoD members or affiliates. Data which “could have” been leaked as per CBHA’s notice: First/Last name, address, date of birth, date(s) of service, level of care, provider name(s), health plan identification information, and/or Social Security number. Pre developed behavioral profiles could be useful in potential recruiting or influence on the member.
FROM THE MEDIA: Recently, Carolina Behavioral Health Alliance, LLC confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on the company’s computer network. According to the CBHA, the breach resulted in the names, dates of birth, level of care, provider names, addresses, health plan identification numbers, genders, and Social Security numbers of certain plan members being compromised. On July 1, 2022, CBHA filed an official notice of the breach and sent out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Carolina Behavioral Health data breach, please see our recent piece on the topic here.
READ THE STORY: JDSUPRA // GOVCIO // Threatpost