Hampton-Newport News Community Services Board
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The Hampton-Newport News Community Services Board (HNNCSB) in Virginia experienced a significant data breach due to a ransomware attack that began on September 26, 2023. The incident was discovered on November 12, 2023, when HNNCSB noticed technical disruptions within its computer systems. An investigation with the assistance of cybersecurity experts revealed that an unauthorized party had gained access to the network and that sensitive consumer information might have been compromised[1][4].
The data potentially accessed included names, Social Security numbers, addresses, ZIP codes, driver’s license numbers, dates of birth, health information, and insurance information[1][4]. HNNCSB completed the review of the compromised files on December 20, 2023, and began sending out data breach notification letters to affected individuals earlier in January 2024[1].
HNNCSB is a provider of behavioral health and intellectual and developmental disability services based in Hampton, Virginia. The organization employs over 547 people and generates approximately $651 million in annual revenue[1]. In response to the breach, HNNCSB has offered credit monitoring and identity restoration services from Kroll at no cost to those impacted[4].
The cybercriminal group AlphV, also known as BlackCat, claimed responsibility for the attack, threatening to publish over 800 GB of stolen sensitive data unless HNNCSB cooperated with their demands[5]. Despite these threats, there is no indication that HNNCSB complied with the ransom demands.
The breach was reported to the U.S. Department of Health & Human Services’ Office for Civil Rights, affecting 44,312 individuals[15]. HNNCSB has taken steps to secure its systems, implement additional cybersecurity safeguards, and is working with law enforcement agencies, including the FBI, CISA, and the Virginia State Police, to address the incident and prevent future occurrences[4].
Affected individuals are advised to remain vigilant for signs of identity theft and fraud and to take appropriate measures to protect their personal information.
Citations:
- https://www.jdsupra.com/legalnews/hampton-newport-news-community-services-4725310/
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
- https://www.hnncsb.org/medical-records-and-compliance
- https://www.hnncsb.org/public-notification
- https://www.databreaches.net/the-big-bad-blackcat-tries-to-bully-hampton-newport-news-csb-shame-on-blackcat/
- https://healthitsecurity.com/news/healthcare-data-breaches-continue-to-impact-patients-in-new-year
- https://www.pilotonline.com/2024/02/08/military-related-legislation-moving-through-virginia-general-assembly-introduced-by-hampton-roads-lawmakers/
- https://www.mass.gov/lists/data-breach-notification-letters-january-2024
- https://www.myinjuryattorney.com/hampton-newport-news-community-services-board-data-breach-class-action-investigation-and-lawsuit-assistance/
- https://hampton.gov/DocumentCenter/View/412/criminaljusticeplan
- https://dbhds.virginia.gov/developmental-services/crisis-services/
- https://www.hipaajournal.com/february-14-2024-healthcare-data-breach-round-up/
- https://irp.cdn-website.com/e8f00713/files/uploaded/H-NN%20CSB%20Human%20Rights%20Policy.pdf
- https://www.mass.gov/doc/assigned-data-breach-number-2024-080-hampton-newport-news-community-services-board/download
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://www.hnncsb.org
- https://twitter.com/OCRNewBreaches/status/1748374192708280342