By HFT Staff

On April 26, 2024, Santa Rosa Behavioral Healthcare Hospital began mailing notification letters to certain patients whose information was involved in an incident.

On January 28, 2024, they learned of an incident that disrupted the operations of some of their IT systems. They immediately took steps to secure their systems, launched an investigation with the assistance of third-party forensic experts, and notified law enforcement. Their investigation determined that an unauthorized party accessed some of their systems between January 27, 2024, and January 28, 2024, and accessed or acquired certain files. They then initiated a review and analysis of those files, which is ongoing.

Through the ongoing analysis, they determined the files contained information belonging to certain patients. The information involved varied per patient but may have included some or all the following: patients’ names, dates of birth, medical record numbers, services received, dates of services and treating physician. Some patients may have also had Social Security numbers and/or driver’s license numbers involved.

Patients whose information was involved are encouraged to review the statements they receive from their healthcare providers and health insurers. If they see services they did not receive, they should contact the provider or insurer that issued the statement immediately. Additionally, Santa Rosa Behavioral Healthcare Hospital is offering complimentary identity monitoring services to patients whose Social Security numbers or driver’s license numbers may have been involved.

To help prevent something like this from happening again, they have implemented additional safeguards and technical security measures to further protect and monitor their systems.