Centerstone of Tennessee, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Centerstone of Tennessee, Inc., a non-profit health system based in Nashville, Tennessee, experienced a significant data breach that was confirmed on August 5, 2022. The breach involved unauthorized access to sensitive personal and protected health information (PHI) of certain patients. This incident was part of a broader pattern of cyberattacks targeting healthcare institutions, which are particularly vulnerable due to the sensitive nature of the information they hold.
Overview of the Breach

The unauthorized access was first identified as suspicious activity within Centerstone’s email system on February 14, 2022. An investigation revealed that three employee email accounts had been compromised between November 2021 and February 14, 2022. The breach resulted in the exposure of various types of sensitive information, including:

  • Names
  • Addresses
  • Social Security numbers
  • Dates of birth
  • Client identification numbers
  • Medical diagnosis and treatment information
  • Health insurance information

This compromised information falls under the category of protected health information (PHI), which is safeguarded under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). PHI includes a wide range of identifiers that could potentially lead to identity theft or fraud if accessed by unauthorized parties.

Impact and Response

The breach affected 3,675 individuals, making it one of the significant healthcare data breaches in Tennessee in 2022

In response to the breach, Centerstone took immediate steps to secure its systems and mitigate the potential impact on affected individuals. These steps included:

  • Sending out data breach notification letters to all affected individuals on August 5, 2022
  • Offering complimentary credit and identity monitoring services to those whose Social Security numbers may have been involved in the incident
  • Implementing additional safeguards to enhance the security of its systems and reduce the risk of future incidents. These measures included resetting credentials for potentially affected accounts, revising mobile device and email syncing policies, and increasing password complexity requirements
  • Legal and Regulatory Actions

Following the breach, Centerstone faced investigations and potential legal actions. Turke & Strauss LLP, a leading data breach law firm, announced an investigation into the incident, highlighting the legal ramifications and the rights of affected individuals to seek remedies

Breach Submission Date Sep 12, 2022
Converted Entity Name Centerstone of Tennessee, Inc.
Converted Entity Type Healthcare Provider
State TN
Individuals Affected 3,675
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes