Columbus nonprofit organization announces data breach of its computer network
A nonprofit organization in Columbus has announced a data breach of its computer network, possibly compromising the privacy of an unspecified number of people.
New Horizons Behavioral Health, which provides mental health services, addiction treatment and support for developmental disabilities to residents of eight counties in west-central Georgia, posted its “notice of data privacy event” on its website March 18.
The data breach “may impact the privacy of information related to certain individuals,” the notice said. “New Horizons is not aware of any identity theft, fraud or actual misuse of the involved information at this time, but is nonetheless notifying potentially impacted individuals in order to provide information about the event, and to provide resources that potentially impacted individuals can take advantage of to better protect against potential misuse of their information, should they feel it appropriate to do so.”
What happened and when in the New Horizons data breach
According to New Horizons, “suspicious activity” was observed on its computer network Jan. 18.
“We immediately launched an investigation to determine the nature and scope of the activity,” the notice said. “We also took significant steps to ensure we could continue to securely treat patients while our investigation was ongoing.”
Through its investigation, New Horizons determined “an unauthorized actor” entered its computer network between Jan. 15-18 and “accessed and/or obtained certain files during that time period,” according to the notice.
“New Horizons began a diligent and comprehensive review in order to identify the individuals whose information may have been included in the impacted files,” the notice said, “and in order to attempt to locate address information for potentially impacted individuals so it could proceed with notification.”
With help from “third-party subject matter specialists,” New Horizons is “working as quickly as possible,” but that review continues, according to the notice.
“Once complete, New Horizons will mail written notification letters to potentially impacted individuals for whom we could locate an address,” the notice says.
Information involved in New Horizons data breach
The types of information found in the impacted computer files include “some or all” of the following, according to the notice:
- Name
- Address
- Date of birth
- Social Security number
- Driver’s license number
- Financial account information
- Medical/health insurance information including, but not limited to, prescription information, treatment location and information, medical diagnosis, medical record numbers, provider name, health insurance policy information and identification numbers, and other similar types of information.
“Once New Horizons completes its comprehensive review of the impacted files,” the notice said, “it will include information on the impacted types of data in the letters that are mailed to notified individuals.”
Next steps in New Horizons data breach investigation
New Horizons has enhanced its computer security protocols since the data breach, according to the notice, and will offer free credit monitoring to all notified individuals after completing its review of the impacted files.
For more information about this data breach, call New Horizons at 800-405-6108, Mondays through Friday, excluding holidays, from 8 a.m. to 8 p.m. EDT or write to New Horizons at 2100 Comer Avenue, Columbus, GA 31906. No email address is mentioned in the notice.
The Ledger-Enquirer didn’t reach a New Horizons official to answer questions before publication.
