Community Research Foundation
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The Community Research Foundation (CRF), based in San Diego, California, experienced a significant data breach in October 2022, which was publicly disclosed in June 2023. This breach resulted in the unauthorized access of personal and protected health information belonging to over 30,000 individuals. The compromised data included sensitive information such as names, Social Security numbers, driver’s license numbers, dates of birth, medical treatment and diagnosis information, and health insurance details. Following the discovery of suspicious activity on October 13, 2022, CRF engaged external cybersecurity experts to investigate the incident. The comprehensive review of the affected files concluded on April 19, 2023, identifying the individuals and information involved. CRF has since taken steps to secure its digital environment and has been working to notify impacted individuals, providing them with information on how to protect their data and offering a toll-free call center for further assistance. The breach has been reported to the U.S. Department of Health and Human Services Office for Civil Rights, highlighting the seriousness of the incident[1][4][16][18][20].
CRF is a 501(c)(3) not-for-profit corporation that designs and operates programs aimed at treating, educating, and rehabilitating individuals experiencing mental health problems, particularly those with co-occurring substance abuse disorders. The organization employs over 800 people and generates approximately $76 million in annual revenue[1].
Citations:
- https://www.jdsupra.com/legalnews/community-research-foundation-posts-3395308/
- https://www.hipaajournal.com/june-2023-healthcare-data-breach-report/
- https://ca.finance.yahoo.com/news/community-research-foundation-provides-notice-164700546.html
- https://www.prnewswire.com/news-releases/community-research-foundation-provides-notice-following-data-security-incident-301867238.html
- https://www.edweek.org/policy-politics/lawsuit-spotlights-californias-restrictions-on-researchers-use-of-its-education-data/2023/08
- https://healthitsecurity.com/topic/default/P100
- https://www.myinjuryattorney.com/community-research-foundation-data-breach-investigation/
- https://www.csoonline.com/article/567531/the-biggest-data-breach-fines-penalties-and-settlements-so-far.html
- https://oag.ca.gov/system/files/EHF%20Privacy%20Breach%20Notice_9.2020.pdf
- https://sdbn.org/san-diego-biotech-news/2023/06/29/community-research-foundation-provides-notice-following-data-security-incident/
- https://apps.web.maine.gov/online/aeviewer/ME/40/list.shtml
- https://www.zoominfo.com/c/community-research-foundation-inc/9093538
- https://oag.ca.gov/privacy/databreach/list
- https://www.the74million.org/article/trove-of-l-a-students-mental-health-records-posted-to-dark-web-after-cyber-hack/
- https://healthitsecurity.com/topic/cloud-secur/P100
- https://www.hipaajournal.com/activate-healthcare-reports-security-breach-affects-up-to-93761-patients/
- https://cybersecurityventures.com/intrusion-daily-cyber-threat-alert/
- https://www.ifaxapp.com/hipaa/healthcare-security-breaches/
- https://tech.co/news/data-breaches-updated-list
- https://healthitsecurity.com/news/latest-healthcare-data-breaches-impact-small-mid-sized-providers