Crossroads Health

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Crossroads Health, a non-profit organization providing recovery and mental health services in Ohio, experienced a data breach where an unauthorized party accessed their systems from November 21, 2021, to January 18, 2022. The breach involved the exfiltration of files from a legacy system containing information belonging to clients of the former behavioral health facility, Beacon Health, which had merged with Crossroads Health[1][5][7][13].

The compromised data included sensitive personal identifiable information and protected health information of more than 10,000 individuals. The types of information accessed included names, Social Security numbers, dates of birth, driver’s license numbers, treatment and diagnosis information, and health insurance information[5][7][13].

Crossroads Health has taken steps to notify affected individuals and has offered free credit monitoring services. They have also recommended that those affected review their account statements and credit reports for signs of fraud or unauthorized activity[5].

The incident was reported to the Office for Civil Rights (OCR) as required by law, and it is one of several healthcare data breaches that occurred in Ohio in 2022[3][11]. Legal remedies and investigations are being considered by law firms specializing in data breaches[5].

Citations:

  1. https://crossroadshealth.org/incident/
  2. https://www.scmagazine.com/analysis/cyberattack-on-norwood-clinic-compromises-data-tied-to-228k-patients
  3. https://www.dataguidance.com/news/usa-crossroads-health-notifies-ocr-data-breach
  4. https://www.dataguidance.com/jurisdiction/ohio
  5. https://www.turkestrauss.com/2022/03/22/crossroads-health-data-breach-investigation/
  6. https://go.boarddocs.com/oh/wecs/Board.nsf/files/CTUP4X62C38F/$file/Crossroads%20Health%20Agreement.pdf
  7. https://www.databreaches.net/crossroads-health-of-lake-county-discloses-breach-affecting-former-beacon-health-patients/
  8. https://casetext.com/case/magnotti-v-crossroads-healthcare-mgmt-llc
  9. https://www.nbc4i.com/news/local-news/the-biggest-healthcare-data-breaches-you-should-know-about-in-ohio/
  10. https://www.jstor.org/stable/24894846
  11. https://www.cleveland.com/news/2023/08/these-were-the-10-biggest-healthcare-data-breaches-in-ohio-last-year.html
  12. https://www.crossroadshospice.com/hospice-resources/caregiver-mental-health/
  13. https://blog.rankiteo.com/cro231326422-crossroads-health-ohio-breach-january-2022/
  14. https://crossroadshealth.org/notice-of-privacy-practices/
Breach Submission Date Mar 02, 2022
Converted Entity Name Crossroads Health
Converted Entity Type Healthcare Provider
State OH
Individuals Affected 10,324
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes