Centerstone of Tennessee, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Centerstone of Tennessee, Inc., a non-profit health system based in Nashville, Tennessee, experienced a significant data breach that was confirmed on August 5, 2022. The breach involved unauthorized access to sensitive personal and protected health information (PHI) of certain patients. This incident was part of a broader pattern of cyberattacks targeting healthcare institutions, which are particularly vulnerable due to the sensitive nature of the information they hold.
Overview of the Breach
The unauthorized access was first identified as suspicious activity within Centerstone’s email system on February 14, 2022. An investigation revealed that three employee email accounts had been compromised between November 2021 and February 14, 2022. The breach resulted in the exposure of various types of sensitive information, including:
- Names
- Addresses
- Social Security numbers
- Dates of birth
- Client identification numbers
- Medical diagnosis and treatment information
- Health insurance information
This compromised information falls under the category of protected health information (PHI), which is safeguarded under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). PHI includes a wide range of identifiers that could potentially lead to identity theft or fraud if accessed by unauthorized parties.
Impact and Response
The breach affected 3,675 individuals, making it one of the significant healthcare data breaches in Tennessee in 2022
In response to the breach, Centerstone took immediate steps to secure its systems and mitigate the potential impact on affected individuals. These steps included:
- Sending out data breach notification letters to all affected individuals on August 5, 2022
- Offering complimentary credit and identity monitoring services to those whose Social Security numbers may have been involved in the incident
- Implementing additional safeguards to enhance the security of its systems and reduce the risk of future incidents. These measures included resetting credentials for potentially affected accounts, revising mobile device and email syncing policies, and increasing password complexity requirements
- Legal and Regulatory Actions
Following the breach, Centerstone faced investigations and potential legal actions. Turke & Strauss LLP, a leading data breach law firm, announced an investigation into the incident, highlighting the legal ramifications and the rights of affected individuals to seek remedies