Kent County Community Mental Health Authority d/b/a Network180
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
In October 2023, the Kent County Community Mental Health Authority, doing business as Network180, experienced a significant data breach affecting approximately 59,000 current and former employees and clients. This breach was the result of a phishing attack, where an unauthorized party gained access to a Network180 user’s email account through a malicious link. The attack exposed a wide range of personal information, including names, dates of birth, addresses, driver’s license numbers, Social Security numbers, health insurance policy information, medical information, demographic information, and, in some cases, financial account or payment card numbers[9].
Network180 responded to the incident by immediately notifying their IT department and engaging third-party forensic and cybersecurity experts to contain the breach and investigate its extent. They also reported the incident to the FBI. The organization took steps to strengthen its security measures, including hiring cybersecurity staff to proactively monitor their systems and implementing recommendations from forensic experts. This included additional training for employees and vendors[1][5].
Despite the breach, Network180 stated that they do not believe any of the accessed information has been misused. As a precaution, they are offering 12 months of free credit monitoring services to those affected. The organization has taken responsibility for the incident, apologizing to those impacted and emphasizing their commitment to the protection of personal information[1][5].
The breach was reported to various government agencies, including the Office of Civil Rights of the U.S. Department of Health and Human Services and the Michigan Department of Health and Human Services. Network180 has been transparent about the breach, providing a notice on their website and FAQs to address concerns. They have also made efforts to reach out to individuals who may not receive a letter due to being unhoused or transient[1].
This incident highlights the ongoing challenges and risks associated with cybersecurity in the healthcare sector, underscoring the importance of robust security measures and the need for vigilance against phishing attacks[15].
Citations:
- https://www.fox17online.com/news/local-news/kent/information-of-59k-clients-employees-possibly-exposed-in-network180-data-breach
- https://ground.news/article/network180-data-breach-impacts-as-many-as-59-000-people
- https://seculore.com/state/michigan/01-03-2024-mi-network180/
- https://www.network180.org/mobile-crisis
- https://wwmt.com/news/local/network180-phishing-attack-data-breach-date-birth-social-security-address-information-crime-email-it-department-security-kent-county-west-michigan
- https://www.hipaaguide.net/hipaa-breaches/
- https://www.haystack.tv/v/network180-data-breach-impacts-59-000-people
- https://www.network180.org/crisis
- https://www.wzzm13.com/article/news/local/phishing-kent-county-mental-health-authority-network180/69-e9015a95-2cad-4185-91de-0ac127d8fa37
- https://www.calhipaa.com/healthcare-data-breach-report-for-december-2023/
- https://www.scribd.com/document/696366229/Network180-Substitute-Notice
- https://www.freep.com/story/news/health/2024/01/28/michigan-health-care-data-cyberattacks-dana-nessel/72326593007/
- https://www.databreaches.net/mi-kent-county-community-mental-health-authority-notifies-2284-patients-after-phishing-attack/
- https://www.linkedin.com/posts/melissa-bahena-687b471a1_network180-data-breach-impacts-as-many-as-activity-7150156793996902403-BWbX
- https://www.wzzm13.com/article/news/crime/why-healthcare-providers-are-cyber-attack-targets/69-0e62b41b-fd62-4e39-89d1-afcb0568d76b
- https://www.network180.org/document/network180-rpf-telepsychiatry-services-for-behavioral-health-crisis-center
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://www.network180.org
- https://www.hipaajournal.com/december-2023-healthcare-data-breach-report/