A data breach involving a third-party benefits administrator affected 130,922 health plan members, including employees of Wake Forest Baptist Medical Center and Wake Forest University, according to a July 1 submission to the HHS Office of Civil Rights.
On March 20, Carolina Behavioral Health Alliance discovered and halted a ransomware attack in which an unauthorized third party accessed and disabled some of the vendor's computer systems, the benefits administrator said in a notice on its website.
The party may have accessed personal information March 19 and March 20, including names, addresses, Social Security numbers, provider names, level of care and health plan information, Carolina Behavioral Health Alliance said. The vendor said it has no evidence any of the data was misused and has started notifying affected individuals.
"Data security is one of CBHA’s highest priorities," the company wrote. "Since the incident, CBHA wiped and rebuilt affected systems and has taken steps to bolster its network security. CBHA also reviewed and altered its policies, procedures and network security software relating to the security of systems and servers, as well as how data is stored and managed."