September 31, 2023, Deer Oaks Behavioral Health (“Deer Oaks”) recently experienced a data security incident that may have resulted in unauthorized access to patient health information
Notice of Data Security Incident
September 31, 2023, Deer Oaks Behavioral Health (“Deer Oaks”) recently experienced a data security incident that may
have resulted in unauthorized access to patient health information. This notice is intended to provide notice of the Incident,
steps we are taking in response to the Incident, and resources available to help you protect against the potential misuse of
information. At this time, we have not received any reports of related misuse of health information since the date of the
Incident.
What Happened? On September 1, 2023, Deer Oaks discovered that a segment of its computer systems had been subjected
to unauthorized access and ransomware (the “Incident”). The unauthorized activity was immediately detected and isolated
by Sophos antivirus software limiting the Incident to a one segment of Deer Oaks’ network. Upon discovery of the Incident,
Deer Oaks engaged a specialized cyber forensics team to investigate the root cause and confirm the extent of the
unauthorized activity.
Deer Oaks also conducted a review of the data maintained within the impacted server for purposes of providing notices to
any patients whose information was contained therein. Deer Oaks completed its review on September 29, 2023.
Based upon the results of its review, on October 31, 2023, Deer Oaks mailed notification letters via First Class Mail to all
those patients whose information may have been accessed by an unauthorized user as a result of the Incident.
What Information Was Involved? Based on the review of data maintained within the impacted network servers, it appears
client information may have been impacted and potentially included: names, addresses, dates of birth, Social Security
numbers, diagnosis codes, insurance information, and treatment service types.
What We Are Doing? Data privacy and security are among Deer Oaks’ highest priorities, and there are extensive measures
in place to protect information in Deer Oaks’ care. Since the discovery of the Incident, Deer Oaks moved quickly to
investigate, respond, and confirm the security of its systems. Specifically, Deer Oaks engaged a specialized third-party
cybersecurity firm, changed administrative credentials, and continues to enhance its network security to prevent a similar
incident from occurring in the future.
What You Can Do: We encourage you to remain vigilant, monitor your accounts, and immediately report any suspicious
activity or suspected misuse of your personal information. Again, at this time, we have not received any reports of related
misuse of personal health information since the date of the Incident.
Other Important Information: We recognize that you may have questions not addressed in this notice. If you have
additional questions, please call 1-888-859-9060, Monday through Friday, 8:00 A.M. to 8:00 P.M. Central Time, except
holidays. Deer Oaks sincerely regrets any inconvenience or concern that this matter may cause, and remains dedicated to
ensuring the privacy and security of all information in our control.
September 31, 2023, Deer Oaks Behavioral Health (“Deer Oaks”) recently experienced a data security incident that may
have resulted in unauthorized access to patient health information. This notice is intended to provide notice of the Incident,
steps we are taking in response to the Incident, and resources available to help you protect against the potential misuse of
information. At this time, we have not received any reports of related misuse of health information since the date of the
Incident.
What Happened? On September 1, 2023, Deer Oaks discovered that a segment of its computer systems had been subjected
to unauthorized access and ransomware (the “Incident”). The unauthorized activity was immediately detected and isolated
by Sophos antivirus software limiting the Incident to a one segment of Deer Oaks’ network. Upon discovery of the Incident,
Deer Oaks engaged a specialized cyber forensics team to investigate the root cause and confirm the extent of the
unauthorized activity.
Deer Oaks also conducted a review of the data maintained within the impacted server for purposes of providing notices to
any patients whose information was contained therein. Deer Oaks completed its review on September 29, 2023.
Based upon the results of its review, on October 31, 2023, Deer Oaks mailed notification letters via First Class Mail to all
those patients whose information may have been accessed by an unauthorized user as a result of the Incident.
What Information Was Involved? Based on the review of data maintained within the impacted network servers, it appears
client information may have been impacted and potentially included: names, addresses, dates of birth, Social Security
numbers, diagnosis codes, insurance information, and treatment service types.
What We Are Doing? Data privacy and security are among Deer Oaks’ highest priorities, and there are extensive measures
in place to protect information in Deer Oaks’ care. Since the discovery of the Incident, Deer Oaks moved quickly to
investigate, respond, and confirm the security of its systems. Specifically, Deer Oaks engaged a specialized third-party
cybersecurity firm, changed administrative credentials, and continues to enhance its network security to prevent a similar
incident from occurring in the future.
What You Can Do: We encourage you to remain vigilant, monitor your accounts, and immediately report any suspicious
activity or suspected misuse of your personal information. Again, at this time, we have not received any reports of related
misuse of personal health information since the date of the Incident.
Other Important Information: We recognize that you may have questions not addressed in this notice. If you have
additional questions, please call 1-888-859-9060, Monday through Friday, 8:00 A.M. to 8:00 P.M. Central Time, except
holidays. Deer Oaks sincerely regrets any inconvenience or concern that this matter may cause, and remains dedicated to
ensuring the privacy and security of all information in our control.
