Bloom Health Centers reports secodn data breach within one year

Psych Associates of Maryland LLC, doing business as Bloom Health Centers, is reporting a data security incident that potentially impacted the personal and protected health information of certain individuals.

On November 1, 2023, Bloom Health detected suspicious activity in an email mailbox associated with their operations. Bloom Health secured the mailbox and launched an investigation with the aid of a leading computer forensics firm. By December 6, 2023, the investigation confirmed that one employee's mailbox had been accessed without authorization.

Efforts to identify and verify the contact information for all affected individuals concluded on June 10, 2024.

The breach may affect patients originally seen at companies acquired by Bloom Health, including Psych Associates of Maryland, Comprehensive Behavioral Health, and Kraus Behavioral Health.

The type of information exposed varies among individuals, but may include:

• Names
• Addresses
• Health insurance information
• Medicaid/Medicare information
• Medical information (diagnoses, prescriptions, treatments, and procedures)
• For a limited number of individuals, additional data such as Social Security numbers, payment card numbers, and driver’s license numbers may have been affected.

The number of affected individuals is not disclosed. Bloom Health is notifying all affected individuals.

Previously, Bloom Health Centers reported a data breach in September 2023 exposing data of 1,545 patients, which occurred when they detected suspicious activity in their email system. It seems they haven't improved much.