Bloom Health Centers, a mental health service provider in Timonium, has recently reported a data security incident that may have compromised the personal and protected health information of certain individuals. Patients who were originally seen at companies acquired by Bloom Health, including Psych Associates of Maryland, Comprehensive Behavioral Health, and Kraus Behavioral Health, may be affected by this incident.
On November 1, 2023, suspicious activity was detected in a user’s email mailbox affiliated with Bloom Health. This prompted the company to take immediate action to secure the mailbox and launch an investigation. With the help of a computer forensics firm, Bloom Health worked to determine the extent of the incident and whether any protected information had been accessed.
After a thorough investigation, Bloom Health confirmed on December 6, 2023 that one employee’s mailbox had been accessed without authorization. The company engaged an independent team to review all data within the mailbox, which was completed on March 25, 2024. Efforts to identify and notify individuals whose information was compromised were finalized on June 10, 2024.
The potentially affected information included names, addresses, health insurance details
