Bloom Health Centers, a mental health service provider in Timonium, recently reported a data security incident that may have compromised the personal and protected health information of certain individuals. Patients who were originally seen at companies acquired by Bloom Health, including Psych Associates of Maryland, Comprehensive Behavioral Health, and Kraus Behavioral Health, may be affected by this incident.
On November 1, 2023, suspicious activity was detected in a user’s email mailbox affiliated with Bloom Health, prompting the company to take immediate action to secure the mailbox and launch an investigation. With the help of a computer forensics firm, Bloom Health worked to determine the extent of the incident and whether any protected information had been accessed.
After a thorough investigation, Bloom Health confirmed on December 6, 2023, that one employee’s mailbox had been accessed without authorization. The company engaged an independent team to review all data within the mailbox, which was completed on March 25, 2024. Efforts to identify and notify individuals whose information was compromised were finalized on June 10, 2024.
The potentially affected information included names, addresses, health insurance details, Medicaid/Medicare information, and medical information such as diagnoses, prescriptions, treatments, and procedures. In some cases, Social Security numbers, payment card numbers, and/or driver’s license numbers may have also been compromised.
Bloom Health Centers takes data security seriously and is committed to assisting those impacted by this incident. Resources are available to provide support and guidance to affected individuals.