Cyber Incident Victim: Centerstone

On February 14, 2022, Centerstone detected unusual activity within its email environment, prompting immediate action to secure the affected systems. The organization initiated a comprehensive investigation that revealed unauthorized access to three employee email accounts by an unknown actor between November 4, 2021, and February 14, 2022. During this 102-day period, the intruder potentially obtained a limited amount of data from these compromised accounts. Following containment of the breach, Centerstone conducted an extensive review of the email accounts' contents to identify exposed information. This forensic examination concluded on July 12, 2022, confirming the presence of personal and protected health information belonging to current and former clients. The investigation timeline spanned nearly five months from initial detection to complete analysis of the compromised data.

The compromised information included names, addresses, Social Security numbers, dates of birth, client IDs, medical diagnosis and treatment details, and health insurance information. Centerstone began notifying potentially affected individuals via mailed letters starting August 2, 2022, following a six-week period to verify contact information. While no evidence of data misuse was identified, the organization established a dedicated toll-free call center (1-833-764-0234) operating Monday through Friday from 8:00 a.m. to 8:00 p.m. Central Time to address inquiries. Centerstone implemented additional security safeguards for its email environment to prevent similar incidents, though specific technical measures were not disclosed. The breach impacted clients across multiple service lines including mental health, addiction recovery, residential care, and crisis services nationwide. As a nonprofit health organization, Centerstone emphasized the protection of health information as a priority while acknowledging potential concerns stemming from the incident.