Lifetime Psychiatry Data Breach Affects 16,926 Individuals

Lifetime Psychiatry, LLC recently disclosed a data breach that affected 16,926 individuals in the United States. The breach occurred between September 25 and September 27, 2024, when an unauthorized individual gained access to an employee's email mailbox.

The suspicious activity was identified and terminated on September 27, 2024. Following a thorough investigation, it was confirmed on October 31, 2024, that sensitive information contained in the mailbox was likely accessed by the unauthorized party.

The compromised data primarily included personal and medical information used for billing purposes:

• Name
• Address
• Telephone number
• Date of birth
• Health insurance information
• Clinical information
• Diagnostic and treatment information

Additionally, for some individuals, more sensitive data may have been exposed, such as:

• Bank account information
• Credit card data
• Social Security numbers

It is important to note that there is no evidence suggesting that the mailbox contained detailed treatment information. However, the breach still poses significant risks, especially for those whose financial or Social Security information was affected.

The breach was reported to the U.S. Department of Health and Human Services (HHS) on December 30, 2024. You can view the official disclosure on the HHS Breach Portal.

Lifetime Psychiatry, LLC's Response

In response to the breach, Lifetime Psychiatry has taken several measures to enhance the security of its systems and prevent future incidents. The company engaged external security and legal advisors to assist with the investigation and response. To strengthen its defenses, Lifetime Psychiatry implemented additional security measures, including:

• Enhancing policies and controls related to multi-factor authentication (MFA)
• Strengthening conditional access policies

These steps aim to mitigate the risk of unauthorized access to sensitive information in the future.

Steps to take if you are affected by the data breach

If you believe your information may have been compromised in this breach, it is essential to take proactive steps to protect yourself. Given the nature of the exposed data, you should prioritize securing your financial and personal information. Here’s what you can do:

1. Place a fraud alert: Contact one of the three major credit bureaus to place a fraud alert on your credit report. This will make it more difficult for identity thieves to open accounts in your name. The credit bureau you contact will notify the other two.
2. Review your credit reports: After placing a fraud alert, you are entitled to a free credit report from each bureau. Check these reports carefully for any unauthorized accounts or activity.
3. Monitor your accounts: Keep a close eye on your bank accounts, credit card statements, and other financial accounts for any signs of suspicious activity.
4. Enroll in free credit monitoring: Lifetime Psychiatry has partnered with Equifax to offer affected individuals free credit monitoring services. Visit www.equifax.com/activate and use your unique activation code to enroll.
5. File a police report if necessary: If you notice any fraudulent activity, contact your local law enforcement agency and file a report. Keep a copy of the report for your records.
6. Learn more about identity theft prevention: The Federal Trade Commission (FTC) provides valuable resources to help protect against identity theft. Visit the FTC’s identity theft page for more information.

By taking these steps, you can reduce the risk of identity theft and financial harm resulting from the breach.