Cyber Incident Victim: Haven Behavioral Hospital

Haven Behavioral Hospital of Philadelphia and Haven Behavioral Hospital of Eastern Pennsylvania detected unusual activity on certain systems on or around September 27, 2020. The organization initiated an investigation, which determined that unauthorized access to specific files may have occurred between September 24 and September 27, 2020. By March 11, 2021, Haven completed its review of the potentially compromised files and confirmed they contained personal information of some individuals. The exposed data included names, dates of birth, medical history details, treatment information, provider details, patient identification numbers, and health insurance information. This security breach potentially affected patients across multiple facilities, with the hospital later updating its notification on March 31, 2021, to include its Albuquerque location among the impacted sites. The incident represented a compromise of sensitive health information that could expose affected individuals to privacy risks and potential identity theft.

In response to the breach, Haven Behavioral Hospital began mailing notification letters to potentially affected individuals by March 23, 2021. The organization established a dedicated toll-free call center (833-416-0845) to address questions about the incident and offered credit monitoring services to those impacted. Haven emphasized that maintaining the confidentiality of personal information remained a priority and stated they were implementing enhanced security measures to prevent similar incidents. The hospital did not publicly disclose the exact number of affected individuals or the specific technical nature of the breach. The incident timeline spanned from the initial intrusion period in late September 2020 through the completion of the data review in March 2021, with ongoing notifications and response measures continuing through at least the end of that month.