Confidant Health Cybersecurity Incident Investigation
Strauss Borrelli PLLC, a leading data breach law firm, is investigating Confidant Health regarding its recent cybersecurity incident. The Confidant Health cybersecurity incident may impact the privacy of sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT CONFIDANT HEALTH:
Confidant Health is a mental healthcare provider based in Texas. Today, Confidant Health offers a wide range of services to individuals, including alcohol rehab, online suboxone clinic, pre-addiction treatment, addiction treatment, behavior change program, recovery coaching, opioid withdrawal management, and medication assisted treatment. Currently, Confidant Health provides clinical services in Connecticut, New Hampshire, Virginia, Texas, and Florida.2 Additionally, Confidant Health offers its digital therapeutic resources, recovery coaching, and groups in all states.2 Headquartered in Austin, Texas, Confidant Health employs over 10 individuals.
WHAT HAPPENED?
Recently, it was reported by an online source that Confidant Health had experienced a cybersecurity incident impacting the privacy of its patients’ data. According to this source, a cybersecurity researcher discovered a non-password-protected database that contained thousands of records belonging to Confidant Health.1 The exposed database contained 126,276 files (totaling 5.3 TB) and a separate folder held 1,755,571 logging records.1 These files include the names and personal identifiable information of the patients, counselors, and medical professionals.1 The patients’ records contained images of driver’s licenses, ID cards, insurance cards, Medicaid cards, letters of care listing prescription medication, and medical record requests or waivers.1 The database also contained diagnostic drug tests indicating names, addresses, and test results for specific substances.1 Additionally, this researcher discovered documents indicating psychotherapy intake notes and psychosocial assessments that provided details about mental health or substance abuse, touching upon the patients’ family issues, psychiatric history, trauma history, medical conditions, and additional diagnoses.1
According to the source, after discovering the database the researcher notified Confidant Health of the exposure. Confidant Health responded by restricting public access to the documents and stating that it would investigate the incident.1 At this time, it is not known how long these documents were exposed to the public or if anyone else may have accessed the database.1 As of September 9, 2024, Confidant Health has not publicly acknowledged the data exposure or confirmed whether the incident resulted in a data breach.
If you believe that you have been impacted by the Confidant Health cybersecurity incident:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
