Region 4 South Mental Health Consortium

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

On August 6, 2023, the Region 4 South Mental Health Consortium in Minnesota experienced a ransomware attack that impacted its computer network, particularly affecting Grant County. The consortium provides mental health services to adults in Douglas, Grant, Stevens, Traverse, and Pope counties. Following the cyber attack, Region 4 began working with the county and a digital forensics firm to understand the incident, contain the attack, and determine its scope[1].

The investigation revealed that some data was taken from Grant County’s network. The compromised data included individuals’ names, addresses, dates of birth, Social Security numbers, information regarding services provided, patient identification numbers, insurance identification numbers, billing information, and details about physical, medical, or mental health conditions, diagnoses, treatments, medications, laboratory results, and substance use information. For a small number of individuals, driver’s license numbers were also included. However, the electronic medical record system was not affected by the incident[1].

Region 4 South Mental Health Consortium has taken steps to notify individuals who may have been affected by the breach and is offering credit monitoring services at no cost to those whose Social Security numbers or driver’s licenses were involved. They have also advised individuals to remain vigilant for fraud and identity theft by monitoring their account statements and Explanation of Benefits forms. The consortium has reported the incident to the U.S. Department of Health and Human Services and appropriate state regulators[1].

The consortium has restored much of its data from backups without paying the ransom and is fully operational. They have also committed to investing in internal processes, tools, and resources to secure their network and reduce the likelihood of future incidents[1].

Grant County refused to pay the ransom demanded by the cybercriminals and was able to restore much of its data from existing backups. The county is continuing to evaluate the data impacted by the incident to determine if there is a legal obligation to provide a notice of a data breach, in compliance with Minnesota and federal laws[5].

For those individuals for whom Region 4 did not have sufficient contact information, the consortium has posted a ransomware notice on its website and provided a toll-free telephone number for inquiries[7].

Citations:

  1. https://www.echopress.com/news/mental-health-consortium-which-includes-douglas-county-investigates-cyber-attack
  2. https://www.co.stevens.mn.us/AgendaCenter/ViewFile/Item/86?fileID=1400
  3. https://www.r4sconversations.org
  4. https://www.revisor.mn.gov/laws/2023/0/Session+Law/Chapter/70/
  5. https://grantcountyherald.com/news/mental-health-consortium-data-may-have-been-compromised-in-ransomware-attack/
  6. https://store.samhsa.gov/sites/default/files/pep20-08-01-001.pdf
  7. https://stevenscountytimes.com/ransomware-hackers-gained-access-through-grant-county-computers/
  8. https://www.senate.mn/chamber/amendment/sh2725a-3.html
  9. http://www.r4sconversations.org/rfp/ARMHSapplication-Part3.pdf
  10. https://www.revisor.mn.gov/statutes/cite/245G/pdf
  11. https://www.coursesidekick.com/information-systems/874088
  12. https://www.osa.state.mn.us/media/pgrfc5ee/traversecountyfsml_13_report.pdf
  13. https://konbriefing.com/en-topics/cyber-attacks-usa.html
  14. https://www.samhsa.gov/sites/default/files/ready-to-respond-compendium.pdf
  15. https://www.co.nobles.mn.us/departments/community-services/adult-services/southwestern-minnesota-adult-mental-health-consortium/
  16. https://bja.ojp.gov/sites/g/files/xyckuh186/files/Publications/CSG_Behavioral_Framework.pdf
Breach Submission Date Oct 05, 2023
Converted Entity Name Region 4 South Mental Health Consortium
Converted Entity Type Healthcare Provider
State MN
Individuals Affected 571
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes