Community Psychiatric Clinic Announces Data Security Incident - Seattle, Washington

News provided by

Community Psychiatric Clinic

29 Jul, 2019, 08:00 ET

SEATTLE, July 29, 2019 /PRNewswire/ -- Community Psychiatric Clinic ("CPC") provides an array of accredited outpatient mental health treatment and counseling services throughout Seattle and Kings County.  CPC recently identified and addressed a security incident that may have involved personal information and/or protected health information of its clients and staff members.  CPC began providing notice to all individuals potentially impacted by this incident on July 26, 2019.  This release describes the incident, outlines the measures that CPC has taken in response, and advises potentially impacted individuals on steps they can take to further protect their information.

On or about March 12, 2019, CPC became aware of a potential data security incident involving unauthorized access to one of its employees' Microsoft Office365 ("O365") email accounts.  CPC immediately changed all passwords associated with the O365 account, and restored the employee's hard drive, thereby terminating all potentially unauthorized access on March 12, 2019.  CPC also implemented additional security measures on this employee's O365 account to prevent any similar incidents from occurring in the future.  Lastly, CPC undertook an internal investigation which did not identify any signs of data exfiltration.

On or about May 8, 2019, CPC became aware of a separate potential data security incident involving unauthorized access to another employee's O365 account when a malicious actor attempted to induce CPC to engage in a fraudulent wire transfer of funds.   As a result of CPC's immediate efforts to investigate and remediate this event, all funds were recovered.  CPC also immediately changed all passwords associated with the employee's O365 account, thereby terminating all potentially unauthorized access on May 8, 2019, and implemented additional security measures on the account to prevent any similar incidents from occurring in the future.  As a result of these events and in an abundance of caution, CPC undertook a comprehensive external forensic investigation of its entire O365 environment to determine the nature of the data security incidents and confirm that all potential unauthorized access had been terminated.

The external forensic investigation concluded that the O365 accounts referenced above, as well as two additional employees' O365 accounts, were potentially compromised.  CPC immediately undertook efforts to cease any potential unauthorized access on the two additional identified accounts by changing passwords and implementing additional security measures, thereby terminating all potential unauthorized access on May 29, 2019. 

All potential unauthorized access for each of the impacted mailboxes was through Outlook Web Access, significantly reducing the likelihood of large scale data exfiltration.  This was confirmed by the external forensic investigation, which did not identify any signs of data exfiltration.  The forensic investigation also did not identify any access to CPC's servers or workspaces beyond the access to the four O365 accounts via Outlook Web Access.

In continuing its thorough investigation, CPC also undertook a comprehensive manual review process to identify the specific individuals with personal information and/or protected health information contained in the impacted mailboxes, if any.  The forensic investigation and manual review process were completed on July 21, 2019.  Ultimately, the data security incidents described above may have resulted in unauthorized access to personal information and/or protected health information of current and former clients and employees of CPC.  Please note that it is entirely possible that an individual's personal information and/or protected health information may not have been compromised as a result of the incident.

Individuals who have received a notification or who believe that they potentially may have been impacted by this incident are invited to contact (877) 804-6420 between 9:00 a.m. and 9:00 p.m. Eastern Standard Time, Monday through Friday.  CPC understands the importance of protecting the personal information and protected health information maintained on its systems and deeply regrets any concern that this may have caused the potentially impacted individuals.

SOURCE Community Psychiatric Clinic

PRN Top Stories Newsletters

Sign up to get PRN’s top stories and curated news delivered to your inbox weekly!

Thank you for subscribing!

By signing up you agree to receive content from us.
Our newsletters contain tracking pixels to help us deliver unique content based on each subscriber's engagement and interests. For more information on how we will use your data to ensure we send you relevant content please visit our PRN Consumer Newsletter Privacy Notice. You can withdraw your consent at any time in the footer of every email you'll receive. Mit Ihrer Anmeldung erklären Sie sich damit einverstanden, Inhalte von uns zu erhalten.
Unsere Newsletter enthalten Zählpixel, die die Lieferung einzigartiger Inhalte in Bezug auf das Abonnement und die Interessen der einzelnen Abonnenten ermöglichen. Weitere Informationen über die Verwendung Ihrer Daten im Hinblick auf die Zusendung von relevanten Inhalten, finden Sie in unserer PRN Consumer Newsletter Privacy Notice. Ihre Zustimmung können Sie jederzeit in der Fußzeile jeder erhaltenen E-Mail widerrufen. En vous inscrivant à la newsletter, vous consentez à la réception de contenus de notre part.
Notre newsletter contient des pixels espions nous permettant la fourniture à chaque abonné, d’un contenu unique en lien avec ses souscriptions et intérêts. Pour de plus amples informations sur l’utilisation faite de vos données en vue de l’envoi des contenus concernés, nous vous invitons à consulter la politique de confidentialité disponible à partir du lien suivant PRN Consumer Newsletter Privacy Notice. Vous pouvez à tout moment revenir sur votre consentement par le biais des informations situées au bas de chaque e-mail reçu. Регистрирайки се, Вие се съгласявате да получавате информационно съдържание от нас. Нашите бюлетини съдържат проследяващи пиксели, които ни помагат да предоставяме уникално съдържание въз основа на ангажираността и интересите на всеки абонат. За повече информация относно начина, по който ще използваме Вашите данни, за да гарантираме, че Ви изпращаме подходящо съдържание, моля, направете справка с нашето Уведомление за поверителност на потребителския бюлетин на PRN. Можете да оттеглите съгласието си по всяко време в долния колонтитул на всеки от имейлите, които ще получите.