Cyber Incident Victim: Prestera Center for Mental Health Services
Date:
Dec 2020
Location:
United States of America
Summary
A behavioral health services provider experienced unauthorized access to its business email environment, potentially exposing sensitive patient information to an unauthorized individual. The compromised data included names, dates of birth, medical identifiers, diagnostic details, treatment information, and in some cases addresses, Social Security numbers, and government program IDs. While no evidence of actual misuse was identified, the organization offered affected individuals complimentary identity theft restoration and credit monitoring services. In response to the incident, security enhancements were implemented, including multi-factor authentication, firewall upgrades, revised policies, and comprehensive staff cybersecurity training to mitigate future risks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Prestera Center for Mental Health Services, a West Virginia-based provider of behavioral health and addiction treatment services, discovered a data security incident involving unauthorized access to its business email environment. The breach exposed sensitive personal and medical information belonging to current and former patients to an unknown unauthorized individual. Upon discovering the incident, the organization launched an investigation with assistance from a third-party vendor to determine the scope and nature of the compromise. The forensic review revealed that exposed information included patient names, dates of birth, medical record numbers, patient account numbers, diagnostic details, healthcare provider information, prescription data, and treatment information. For some individuals, the compromised data extended to physical addresses, Social Security numbers, and Medicare/Medicaid identification numbers, with the specific combination of exposed elements varying per affected patient. Prestera Center confirmed the incident did not impact all patients, only affecting a small percentage of their patient population. Throughout their investigation, the organization found no evidence suggesting any attempted or actual misuse of the compromised information following the unauthorized access event.
The healthcare provider began notifying affected individuals via first-class mail on December 31, 2020, detailing the nature of the breach and offering complimentary identity theft restoration services and credit monitoring through ID Experts. Patients were directed to contact designated representative Craig Zappin during business hours for additional information or assistance. Concurrent with patient notifications, Prestera Center implemented multiple security enhancements to prevent recurrence, including strengthening their cybersecurity infrastructure through firewall replacements, policy revisions, and implementation of multi-factor authentication across all accounts. The organization also developed an intensive security training program for all staff members. CEO Karen Yost publicly acknowledged the incident in a statement posted to the organization's website, expressing regret for any inconvenience or concern while reaffirming Prestera Center's commitment to information security and patient privacy protections. The organization maintained its position that no evidence existed indicating malicious use of patient data resulting from this specific email system compromise.