PHI of 67,493 Burrell Behavioral Health Patients Exposed Due to Business Associate Breach

Burrell Behavioral Health is informing 67,493 patients about the accidental exposure of their healthcare records due to an error that occurred in August 2018 at an unnamed business associate.

Images were stored by the business associate which showed the protected health information (PHI) of certain Burrell Behavioral Health patients. The data was exposed because of an error introduced into the internet-facing portal used by the business associate. The following information was visible in the images: Names, addresses, phone number, birth dates, sex, dates of service, types of service rendered, health insurance details, Social Security numbers and driver’s license numbers.

Burrell Behavioral Health learned about the exposure of patient information on January 30, 2019 and notified its business associate, which promptly secured the server.

To find out which information was exposed, and whether PHI was accessed, a forensic team conducted an investigation. They learned that patient data was uploaded in August 2018 although there were no indications that anyone accessed the information. Automated website crawlers and scanners also did not access the information.

Because of the file format of the images, it was not possible for the files to be found by means of general web surfing or web searches.

The investigators came to the conclusion that there was a “very low probability” of unauthorized data access. Individuals who had their Social Security number exposed have been offered free identity theft monitoring and protection services as a precaution.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

Burrell Behavioral Health has implemented measures to prevent breaches of similar nature and is working together with its business associates to make certain that technical and administrative security measures are in place to protect patient data.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: