Two hacking breaches – one at a non-profit provider mental health and substance treatment services and the other at a provider of behavioral health services – affected sensitive information of nearly 400,000 individuals.
The breaches include a 2022 ransomware attack on Lutheran Social Services of Illinois that affected nearly 184,000 individuals, and an email hacking incident affecting nearly 194,000 people involving North Carolina-based Mindpath Health.
LSSI breach report filed on Wednesday says it underwent ransomware incident affecting nearly 184,000 individuals. The ransomware incident was discovered a year ago, on Jan. 27, 2022, according to the organization’s own breach notification statement.
The types of information contained on the affected systems include names, dates of birth, Social Security numbers, financial account information, driver license numbers, biometric information, medical diagnosis and treatment information, and health insurance information, Lutheran says.
Mindpath Health, an independent provider of outpatient behavioral health services in eight states, reported its email hacking incident to HHS OCR on Jan. 10 as affecting nearly 194,000 individuals.
The company’s breach notice says the incident involved unauthorized access to two employee email accounts, one in March 2022 and the second in June 2022.
Affected data includes patient names, addresses, Social Security numbers, dates of birth, medical diagnosis and treatment information, health insurance information, and prescription information.
