Cyber Incident Victim: Bi-Bett Corporation
Date:
Feb 2023
Location:
United States of America
Summary
Bi-Bett Corporation, a California-based addiction treatment provider, experienced a data breach after an unauthorized party compromised an employee email account containing sensitive patient information. The breach exposed personal and medical details including names, addresses, Social Security Numbers, driver's license numbers, Medicaid identifiers, and medical reference numbers. The organization initiated an investigation with cybersecurity specialists upon detecting suspicious activity, later confirming unauthorized access to the account and subsequently identifying affected individuals through a review of compromised files. Notification letters were distributed to impacted parties detailing the specific information involved.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Bi-Bett Corporation data breach originated from unauthorized access to an employee email account, first detected on February 17, 2023. Company personnel identified suspicious activity within the account and immediately secured it to prevent further intrusion. Bi-Bett engaged external cybersecurity specialists to conduct a forensic investigation into the incident scope and attack methodology. On April 14, 2023—approximately eight weeks after initial detection—the investigation confirmed that unauthorized actors had compromised the email account and accessed confidential patient information stored within it. The compromised data repository contained highly sensitive personal and medical identifiers including patients' full names, physical addresses, Social Security Numbers, driver's license details, Medicaid identification numbers, and medical reference codes specific to the treatment center.
Bi-Bett Corporation undertook a comprehensive review of the compromised email account contents from February through May 2023 to identify affected individuals and specific data elements exposed. This analysis concluded on May 22, 2023, confirming the breach impacted patients whose treatment information resided in the compromised email system. Notification letters dispatched on June 13, 2023, detailed individualized exposure information for recipients across Alameda, Solano, and Contra Costa Counties—the primary service regions of this Walnut Creek-based addiction treatment facility. The breach exposed systemic vulnerabilities in email account security at behavioral health organizations, which frequently store sensitive patient data including addiction treatment histories and government benefit identifiers. As a provider offering residential treatment, DUI programs, perinatal care, and detox services, Bi-Bett's compromised data created elevated identity theft risks due to the combination of medical, financial, and government identifiers involved. The compromised email system formed part of the operational infrastructure supporting Bi-Bett's treatment programs and sober living facilities serving Northern California since 1969.