Hampton-Newport News Community Services Board

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The Hampton-Newport News Community Services Board (HNNCSB) in Virginia experienced a significant data breach due to a ransomware attack that began on September 26, 2023. The incident was discovered on November 12, 2023, when HNNCSB noticed technical disruptions within its computer systems. An investigation with the assistance of cybersecurity experts revealed that an unauthorized party had gained access to the network and that sensitive consumer information might have been compromised[1][4].

The data potentially accessed included names, Social Security numbers, addresses, ZIP codes, driver’s license numbers, dates of birth, health information, and insurance information[1][4]. HNNCSB completed the review of the compromised files on December 20, 2023, and began sending out data breach notification letters to affected individuals earlier in January 2024[1].

HNNCSB is a provider of behavioral health and intellectual and developmental disability services based in Hampton, Virginia. The organization employs over 547 people and generates approximately $651 million in annual revenue[1]. In response to the breach, HNNCSB has offered credit monitoring and identity restoration services from Kroll at no cost to those impacted[4].

The cybercriminal group AlphV, also known as BlackCat, claimed responsibility for the attack, threatening to publish over 800 GB of stolen sensitive data unless HNNCSB cooperated with their demands[5]. Despite these threats, there is no indication that HNNCSB complied with the ransom demands.

The breach was reported to the U.S. Department of Health & Human Services’ Office for Civil Rights, affecting 44,312 individuals[15]. HNNCSB has taken steps to secure its systems, implement additional cybersecurity safeguards, and is working with law enforcement agencies, including the FBI, CISA, and the Virginia State Police, to address the incident and prevent future occurrences[4].

Affected individuals are advised to remain vigilant for signs of identity theft and fraud and to take appropriate measures to protect their personal information.

Citations:

  1. https://www.jdsupra.com/legalnews/hampton-newport-news-community-services-4725310/
  2. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
  3. https://www.hnncsb.org/medical-records-and-compliance
  4. https://www.hnncsb.org/public-notification
  5. https://www.databreaches.net/the-big-bad-blackcat-tries-to-bully-hampton-newport-news-csb-shame-on-blackcat/
  6. https://healthitsecurity.com/news/healthcare-data-breaches-continue-to-impact-patients-in-new-year
  7. https://www.pilotonline.com/2024/02/08/military-related-legislation-moving-through-virginia-general-assembly-introduced-by-hampton-roads-lawmakers/
  8. https://www.mass.gov/lists/data-breach-notification-letters-january-2024
  9. https://www.myinjuryattorney.com/hampton-newport-news-community-services-board-data-breach-class-action-investigation-and-lawsuit-assistance/
  10. https://hampton.gov/DocumentCenter/View/412/criminaljusticeplan
  11. https://dbhds.virginia.gov/developmental-services/crisis-services/
  12. https://www.hipaajournal.com/february-14-2024-healthcare-data-breach-round-up/
  13. https://irp.cdn-website.com/e8f00713/files/uploaded/H-NN%20CSB%20Human%20Rights%20Policy.pdf
  14. https://www.mass.gov/doc/assigned-data-breach-number-2024-080-hampton-newport-news-community-services-board/download
  15. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  16. https://www.hnncsb.org
  17. https://twitter.com/OCRNewBreaches/status/1748374192708280342
Breach Submission Date Jan 11, 2024
Converted Entity Name Hampton-Newport News Community Services Board
Converted Entity Type Healthcare Provider
State VA
Individuals Affected 44,312
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes