Southwest Behavioral Health Center

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

On November 13, 2023, Southwest Behavioral Health Center (SBHC), a behavioral health provider based in Saint George, Utah, filed a notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights. The breach was identified as a “Hacking / IT Incident” that targeted a network server, and it resulted in unauthorized access to sensitive consumer information. The exact details of how the breach occurred, whether through a direct attack on SBHC’s network or via one of its vendors, were not specified at the time of the notice[1][4].

The data breach affected 17,147 individuals, and the types of information potentially exposed included names, Social Security numbers, dates of birth, and medical information[4]. SBHC began sending out data breach notification letters to the affected individuals on November 13, 2023, advising them of the breach and the information compromised[1].

SBHC is a comprehensive behavioral healthcare provider that offers a variety of services, including crisis intervention, clinical evaluations, therapy, and prevention services, as well as residential, school-based, and community-based programs. The organization operates five health centers in the southwest counties of Utah and employs over 200 individuals[4].

Victims of the breach were advised to review the breach notice carefully, enroll in any free credit monitoring services provided by SBHC, change passwords and security questions for online accounts, regularly review account statements, monitor credit reports, and consider contacting a credit bureau to request a temporary fraud alert[4].

The breach was part of a larger trend of cyberattacks targeting healthcare facilities, which often hold vast amounts of sensitive personal and health information[9]. Legal firms have been investigating the incident and offering to speak with affected individuals about their rights and potential legal remedies[4][6].

Citations:

  1. https://www.jdsupra.com/legalnews/southwest-behavioral-health-center-1593273/
  2. https://www.wfaa.com/article/news/local/ut-southwestern-medical-center-patient-data-stolen-in-cyberattack-hospital-says/287-9fbeaee0-46a9-420a-9cbe-3b2a130921e0
  3. https://www.utsouthwestern.edu/newsroom/articles/year-2023/july-patient-notification.html
  4. https://www.turkestrauss.com/2023/11/20/southwest-behavioral-health-center-data-breach-investigation/
  5. https://www.myinjuryattorney.com/data-breach-investigation-southwest-behavioral-health-center/
  6. https://potterhandy.com/southwest-behavioral-health-center-sbhc-data-breach-lawsuit
  7. https://www.idstrong.com/data-breaches/southwest-behavioral-health-center-breach/
  8. https://www.breachsense.com/breaches/southwest-behavioral-health-center-sbhc-data-breach/
  9. https://www.jdsupra.com/legalnews/southwest-healthcare-services-announces-1734352/
  10. https://www.hipaajournal.com/warren-general-hospital-data-breach-affects-169000-patients/
Breach Submission Date Nov 13, 2023
Converted Entity Name Southwest Behavioral Health Center
Converted Entity Type Healthcare Provider
State UT
Individuals Affected 17,147
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes