On November 1, 2023, Bloom Health Centers in Timonium announced a data security incident that may have compromised the personal and protected health information of certain individuals. The incident occurred at companies acquired by Bloom Health, including Psych Associates of Maryland, Comprehensive Behavioral Health, and Kraus Behavioral Health.
Suspicious activity was detected in a user’s email mailbox affiliated with Bloom Health on November 1st. The company immediately took action to secure the mailbox and launched an investigation with the help of a computer forensics firm. After a thorough investigation, Bloom Health confirmed on December 6th that one employee’s mailbox had been accessed without authorization. An independent team reviewed all data within the mailbox, which was completed on March 25th, 2024. Efforts to identify and notify individuals whose information was compromised were finalized on June 10th, 2024.
The potentially affected information included names, addresses, health insurance details, Medicaid/Medicare information, medical information such as diagnoses, prescriptions, treatments and procedures as well as some cases Social Security numbers