Cyber Incident Victim: Evergreen Treatment Services
Date:
Feb 2023
Location:
United States of America
Summary
Evergreen Treatment Services experienced a cybersecurity incident involving unauthorized access to its IT systems, compromising sensitive patient data including names, addresses, dates of birth, Social Security numbers, and treatment information. The breach affected 21,325 individuals, prompting the substance abuse treatment provider to notify impacted patients and collaborate with third-party cybersecurity experts to investigate the incident. As part of its response, the organization reviewed compromised files and submitted a required disclosure to federal health authorities. Founded in Seattle, the nonprofit delivers addiction services and operates multiple clinics while managing significant patient confidentiality responsibilities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Evergreen Treatment Services (ETS) confirmed a data breach affecting 21,325 patients in a filing with the U.S. Department of Health and Human Services Office for Civil Rights on February 10, 2023. The organization discovered a cybersecurity incident that compromised its IT systems, enabling an unauthorized party to access files containing sensitive patient information. ETS did not publicly disclose the specific timeline of the cyberattack, including the dates of intrusion or initial detection. Upon identifying the incident, the organization engaged third-party cybersecurity experts to investigate the scope and determine the nature of the impacted data. The forensic analysis confirmed unauthorized access to confidential patient records stored within ETS's network. The compromised data included personally identifiable information such as full names, residential addresses, dates of birth, Social Security Numbers, and treatment-related details specific to substance abuse services. The breach investigation did not reveal evidence pointing to misuse of the stolen data at the time of notification. ETS finalized its review of affected files to identify impacted individuals prior to initiating breach notifications.
The breach directly affected current and former patients across ETS’s four Washington State clinics in Seattle, South King County, South Sound, and Reach Clinic. ETS mailed individualized notification letters to all 21,325 affected persons on February 10, 2023, detailing the compromised data categories but not specifying whether the breach stemmed from external hacking, insider threats, or malware. As a substance abuse treatment provider operating since 1973, ETS handles clinically sensitive data tied to opioid use disorder and other addiction treatments, alongside coordinating social services for homeless populations. The organization’s annual revenue of $11.4 million and workforce of 267 employees contextualize its operational scale prior to the incident. No disruptions to clinical operations or service suspensions were mentioned in the breach disclosure. The HHS-OCR filing provided the sole authoritative count of affected individuals, though the analysis did not specify whether encryption or other technical safeguards were in place on the accessed systems. ETS did not report offering credit monitoring or identity theft protection services in its initial breach notifications as described in the public documentation.