Posted On January 13, 2023 Consumer Privacy & Data Breaches
January 13, 2023 – After learning that an unauthorized party had gained access to company email accounts, Community Psychiatry Management, LLC dba Mindpath Health filed a notice of data breach on January 10, 2023 with the Attorney General of Massachusetts. Per the filing, the information that was accessed was full names, dates of birth, addresses, Social Security numbers, health insurance information, prescription information, and medical diagnosis and treatment information.
Data breach lawyers at Console & Associates, P.C. are conducting their own investigation into the breach. If you or a loved one have been a patient at Mindpath now or at any time, your information may be in the hands of an unauthorized party looking to commit identity theft or fraud. We are offering free consultations to help victims of the breach figure out their next steps, how they can protect themselves after their information has been leaked, and whether they can pursue a data breach lawsuit and hold Mindpath financially liable. If you recently received a NOTICE OF DATA BREACH from COMPANY, contact us at (866) 778-5500 to discuss your legal options, or submit a confidential contact form for a free case evaluation.
Community Psychiatry Management, LLC dba Mindpath Health is a behavioral health provider that offers services like psychiatry, psychology, and related services. Based in San Rafael, California, Mindpath serves patients in Minnesota, South Carolina, Florida, Texas, Ohio, and Arizona with traditional appointments; and telehealth appointments in North Carolina and California. Mindpath generates approximately $73 million in revenue annually and employs over 500 people.
The following information about the data breach at Mindpath Health breach comes from its filing with the Massachusetts Office of Consumer Affairs and Business Regulation as well as a notice on the company’s website.
According to the filings and website, Mindpath discovered suspicious activity in some company email accounts during a routine audit. The company then ensured the security of the email accounts and began working with data security specialists to determine if any confidential information had been accessed. The investigation confirmed that unauthorized parties had access to two email accounts. One account was compromised in March 2022, the other in June 2022.
After confirmation of the leak, Mindpath Health determined that the information that had been accessed was patients’ full names, dates of birth, addresses, Social Security numbers, health insurance information, prescription information, and medical diagnosis and treatment information.
Mindpath Health sent data breach notification letters to all those who had been affected on January 10, 2023.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Mindpath Health data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a notice posted on their website:
On July 5, 2022, during a routine security audit of its email environment, Mindpath Health discovered suspicious activity within its email environment. Upon discovery, Mindpath Health immediately secured our email environment and engaged a third-party forensic firm to investigate the nature and scope of the incident. During the investigation, our third-party forensic firm discovered that two employee email accounts had experienced unauthorized access: one in March, 2022 and the second in June, 2022. On November 15, 2022, following a thorough investigation, it was discovered that a limited amount of protected health information may have been accessed by an unauthorized third party in connection with this incident.
The information that was present in the impacted email account(s) included patient names, addresses, social security numbers, dates of birth, medical diagnosis and treatment information, health insurance information, and prescription information. Importantly, the information potentially impacted varies for each individual, and may include all, or just one of the above-listed types of information.
At this time, Mindpath Health is not aware of any evidence to suggest that any information has been, or will be, misused. However, Mindpath Health was unable to rule out the possibility that the information could have been accessed. Therefore, in an abundance of caution, Mindpath Health is notifying potentially impacted individuals of this incident.
In response to this incident, Mindpath Health has implemented additional security measures within its network and facilities. Additionally, individuals are encouraged to monitor their account statements and explanation of benefits forms for suspicious activity and to detect errors.
Mindpath Health has established a toll-free hotline to answer questions about the incident and to address related concerns. The number for the hotline is 1-833-758-9379.