Community Research Foundation

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The Community Research Foundation (CRF), based in San Diego, California, experienced a significant data breach in October 2022, which was publicly disclosed in June 2023. This breach resulted in the unauthorized access of personal and protected health information belonging to over 30,000 individuals. The compromised data included sensitive information such as names, Social Security numbers, driver’s license numbers, dates of birth, medical treatment and diagnosis information, and health insurance details. Following the discovery of suspicious activity on October 13, 2022, CRF engaged external cybersecurity experts to investigate the incident. The comprehensive review of the affected files concluded on April 19, 2023, identifying the individuals and information involved. CRF has since taken steps to secure its digital environment and has been working to notify impacted individuals, providing them with information on how to protect their data and offering a toll-free call center for further assistance. The breach has been reported to the U.S. Department of Health and Human Services Office for Civil Rights, highlighting the seriousness of the incident[1][4][16][18][20].

CRF is a 501(c)(3) not-for-profit corporation that designs and operates programs aimed at treating, educating, and rehabilitating individuals experiencing mental health problems, particularly those with co-occurring substance abuse disorders. The organization employs over 800 people and generates approximately $76 million in annual revenue[1].

Citations:

  1. https://www.jdsupra.com/legalnews/community-research-foundation-posts-3395308/
  2. https://www.hipaajournal.com/june-2023-healthcare-data-breach-report/
  3. https://ca.finance.yahoo.com/news/community-research-foundation-provides-notice-164700546.html
  4. https://www.prnewswire.com/news-releases/community-research-foundation-provides-notice-following-data-security-incident-301867238.html
  5. https://www.edweek.org/policy-politics/lawsuit-spotlights-californias-restrictions-on-researchers-use-of-its-education-data/2023/08
  6. https://healthitsecurity.com/topic/default/P100
  7. https://www.myinjuryattorney.com/community-research-foundation-data-breach-investigation/
  8. https://www.csoonline.com/article/567531/the-biggest-data-breach-fines-penalties-and-settlements-so-far.html
  9. https://oag.ca.gov/system/files/EHF%20Privacy%20Breach%20Notice_9.2020.pdf
  10. https://sdbn.org/san-diego-biotech-news/2023/06/29/community-research-foundation-provides-notice-following-data-security-incident/
  11. https://apps.web.maine.gov/online/aeviewer/ME/40/list.shtml
  12. https://www.zoominfo.com/c/community-research-foundation-inc/9093538
  13. https://oag.ca.gov/privacy/databreach/list
  14. https://www.the74million.org/article/trove-of-l-a-students-mental-health-records-posted-to-dark-web-after-cyber-hack/
  15. https://healthitsecurity.com/topic/cloud-secur/P100
  16. https://www.hipaajournal.com/activate-healthcare-reports-security-breach-affects-up-to-93761-patients/
  17. https://cybersecurityventures.com/intrusion-daily-cyber-threat-alert/
  18. https://www.ifaxapp.com/hipaa/healthcare-security-breaches/
  19. https://tech.co/news/data-breaches-updated-list
  20. https://healthitsecurity.com/news/latest-healthcare-data-breaches-impact-small-mid-sized-providers
Breach Submission Date Jun 20, 2023
Converted Entity Name Community Research Foundation
Converted Entity Type Healthcare Provider
State CA
Individuals Affected 30,236
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes