BayMark Health Services discloses data breach exposing PII

BayMark Health Services, Inc., a leading provider of medication-assisted treatment for substance use disorders, recently experienced a significant data breach. The breach occurred between September 24, 2024, and October 14, 2024, when an unauthorized party gained access to files stored on BayMark's IT systems.

The breach was discovered on October 11, 2024, when the company noticed a disruption in its IT operations.

Following an investigation, BayMark determined on November 5, 2024, that the accessed files contained sensitive patient information. The breach affected an undisclosed number of individuals across multiple facilities under BayMark's administration.

The types of consumer information exposed in this breach include:

• Name
• Social Security number
• Driver’s license number
• Date of birth
• Services received
• Dates of service
• Insurance information
• Treating provider
• Treatment and diagnostic information

BayMark disclosed the breach to the California Attorney General on January 9, 2025 and to the Vermont Attorney General on January 8, 2025. The breach has raised concerns due to the highly sensitive nature of the exposed data, particularly as it includes medical and treatment-related information.

BayMark Health Services' Response

In response to the breach, BayMark Health Services took immediate action to secure its systems and launched an investigation with the help of third-party forensic experts. Law enforcement was also notified to assist in addressing the incident.

To mitigate the impact on affected individuals, BayMark is offering a one-year complimentary membership to Equifax Complete Premier. This service includes credit monitoring, identity theft insurance, and assistance with identity restoration. Additionally, the company has implemented enhanced safeguards and technical security measures to prevent similar incidents in the future.

Affected by the data breach?

If you believe you may have been affected by this data breach, it is important to take proactive steps to protect your information and prevent potential misuse. Here’s what you should do:

1. Enroll in the complimentary credit monitoring service: BayMark is offering Equifax Complete™ Premier for one year at no cost. Follow the instructions provided in your notification letter to activate your membership before the enrollment deadline.
2. Monitor your financial accounts and credit reports: Regularly review your bank statements, credit card activity, and credit reports for any unauthorized transactions or changes. You can request a free credit report annually from each of the three major credit bureaus at AnnualCreditReport.com.
3. Place a fraud alert or security freeze on your credit file: A fraud alert notifies creditors to take extra steps to verify your identity before extending credit. A security freeze prevents creditors from accessing your credit report entirely. Contact Equifax, Experian, and TransUnion to set up these protections.
4. Be cautious of phishing attempts: Scammers may attempt to exploit the situation by sending fraudulent emails or phone calls pretending to be BayMark or other trusted entities. Avoid clicking on suspicious links or providing personal information over the phone.
5. Report any suspected identity theft: If you notice signs of identity theft, report it immediately to the Federal Trade Commission at IdentityTheft.gov and your local law enforcement agency.
6. Contact BayMark for assistance: If you have additional questions or concerns, you can reach BayMark Health Services at 855-295-0995, Monday through Friday, 8:00 a.m. to 8:00 p.m. Central Time (excluding holidays).

By taking these steps, you can reduce the risk of identity theft and minimize the impact of the data breach on your financial and personal security.