Centerstone

Centerstone operates as a nonprofit health organization with its headquarters situated in the United States of America. The organization’s primary mission is to deliver mental health and substance abuse services to individuals seeking treatment for psychiatric conditions and substance use disorders. It serves a diverse patient population that includes adults, adolescents, and families requiring counseling, therapy, and related support programs. As a health service provider, Centerstone routinely collects, stores, and transmits personal and protected health information belonging to its clients. Its nonprofit status differentiates it from many for‑profit behavioral health companies that operate in the same sector. Centerstone’s core competency lies in providing evidence‑based clinical interventions, case management, and community‑based outreach initiatives. The organization’s focus on mental health and substance abuse treatment positions it as a specialized provider within the broader healthcare landscape.

In December 2019, an employee’s email account at Centerstone was accessed without authorization, leading to the exposure of personal information belonging to current and former patients and employees. The 2019 incident was investigated internally with the assistance of an independent forensics firm to determine the scope and origin of the breach. Notification of the 2019 breach was issued considerably after the unauthorized activity had occurred, following the completion of the investigation. In February 2022, a series of unauthorized accesses to three employee email accounts were detected over several months through monitoring of unusual email activity. The 2022 breach potentially compromised a wide range of data, including names, addresses, Social Security numbers, dates of birth, client IDs, medical diagnoses, treatment details, and health insurance details. Upon detection, Centerstone initiated immediate containment measures and launched a formal investigation to assess the impact of the incident. No evidence of misuse of the exposed information was found after the 2022 investigation concluded. Affected individuals were notified and offered support resources such as credit monitoring and identity‑theft protection services. In response to the 2022 incident, the organization implemented additional email security safeguards, including enhanced multi‑factor authentication and improved monitoring controls. These events highlight Centerstone’s ongoing responsibility to safeguard sensitive health information in accordance with applicable privacy and security standards.