Santa Barbara County Department and Baptist Health Report Cyberattack

Medical Record Breach at Santa Barbara County Department of Behavioral Wellness

Santa Barbara County Department of Behavioral Wellness located in California has lately reported that an employee viewed the medical files of patients with no authorization. On March 30, 2022, the department discovered unauthorized access when it applied a new security program for identifying unauthorized access to medical records. It immediately identified the HIPAA breach.

The department immediately blocked the access of the employee to the medical record system as the investigation was in progress. The employee involved also faced suitable disciplinary measures. The records viewed by the employee contained names, phone numbers, addresses, email addresses, Social Security numbers, insurance details, health record numbers, and medical data. There was no data found indicating that any patient data was printed, transmitted externally, or written on paper. The department stated it’s going to perform further security audits later on and it is going to update client outreach processes to avoid any recurrences.

The department already sent notification letters to all impacted persons. The breach is not yet posted on the HHS’ Office for Civil Rights web portal, therefore the number of affected individuals is still uncertain.

Baptist Health States Potential Compromise of Patient Information in Cyberattack

Baptist Health lately started sending notifications to patients concerning a cyberattack that was uncovered on April 20, 2022. The attack may have involved the installation of malicious code on its network. As per the report, an unauthorized individual acquired access to particular Baptist Health systems between March 31 and April 24, 2022. During that time of access, some information was taken from its systems.

Upon identification of the breach, user access was terminated; the affected systems were taken off the internet to block continued unauthorized access, and cybersecurity protection practices were enforced. The sections of the system that were exposed stored the records of patients of Baptist Medical Center located in San Antonio and Resolute Health Hospital based in New Braunfels in Texas. The compromised data included names, addresses,
dates of birth, Social Security numbers, health insurance data, medical record numbers, doctor and center names, chief problem/intent for a visit, dates of service, visit measures and diagnosis data, and billing and claims details.

Baptist Health pointed out it is strengthening its security and monitoring features to cut down the risk of continuing data breaches. Affected persons have been advised and people whose Social Security numbers were likely compromised were given free credit monitoring and identity protection services.

The breach is not yet posted on the HHS’ Office for Civil Rights web portal, and so the number of individuals impacted is not clear presently.

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.