19,000 People Impacted by Ransomware Attack on Directions for Living

The non-profit behavioral health service provider Directions for Living based in Clearwater, FL experienced a ransomware attack last July 17, 2021.

When Directions for Living found out about the attack, it let law enforcement and got third-party computer forensics experts investigating the scope of the cyberattack and help take care of remediation. The investigation into the attack was concluded on August 30, 2021.

An evaluation of the servers possibly accessed by the attackers confirmed that they contained personal and protected health information (PHI) of past and present clients. The data possibly compromised included names, birth dates, addresses, Social Security numbers, diagnostic codes, claims information, insurance data, names of medical providers, date of service, and certain health information. Directions for Living mentioned the attack had no impact on its electronic medical record system and the hackers could not view them. In addition, clients’ financial information was kept on other unaffected servers. Though unauthorized people might have accessed personal information and PHI, Directions for Living reported there’s no information regarding any actual or attempted data misuse.

Directions for Living is well-known as a reputable resource for those in search of a welcoming and caring behavioral health company. It has been seriously doing its role and serving the people for almost 40 years. Privacy is always its number one priority, and it is working really hard to take the proper action and make sure its clients are safe, not to mention all their records.

The provider began notifying the affected people on August 30, in accordance with the requirements of the HIPAA Breach Notification Rule. The affected people were advised to be skeptical and keep an eye on their credit reports, explanation of benefits statements, and bank account statements for signs of fraudulent activity. Those clients who had their Social Security numbers compromised got zero-cost credit monitoring and identity theft protection services for one full year.

Directions for Living already sent the breach report to the Department of Health and Human Services’ Office for Civil Rights. There were 19,494 individuals affected by the compromised servers.

Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.