Data Breaches at Centerstone, Zenith American Solutions, and Southwest Behavioral & Health Services

Zenith American Solutions, the Sound Health and Wellness Trust’s third-party administrator, just informed people concerning a mailing error that exposed the Social Security numbers of individuals. As per the breach notification, the company sent a mailing to people on June 24, 2022, informing them to finish their Personal Health Tests or Health Profiles to enroll in the 2023 Health Reimbursement Account.

The data employed for creating the mailing labels had full Social Security numbers of people. Therefore , that information was printed completely on the mailing labels as well as complete names, unique ID numbers and postal addresses. The mailing labels furthermore showed someone as having signed up in the Sound Health and Wellness Trust.

Zenith American Solutions mentioned it has enforced new quality control measures to make certain there are no the same incidents later on and affected persons received offers of complimentary credit monitoring and identity theft protection solutions for two years.

The breach report submitted to the HHS’ Office for Civil Rights stated that 37,146 persons were impacted.

Centerstone Email Security Breach

Centerstone, providing residential care, mental health, therapeutic foster care, addiction recovery, crisis and counseling services, has just reported that the protected health information (PHI) of a number of present and past Centerstone clients was compromised and likely acquired by unauthorized people.

The abnormal activity was found in the Centerstone email environment on February 14, 2022. The provider took prompt steps to protect email accounts by carrying out a password reset and looked into the incident to find out the nature and extent of the data breach. The investigation established that an unauthorized third party accessed three employee email accounts from November 4, 2021 to February 14, 2022.

A detailed analysis of the affected email accounts was finished on July 12, 2022, and affirmed they included individuals’ PHI for instance names, dates of birth, addresses, Client ID Numbers Social Security numbers, health diagnoses, treatment details, and/or medical insurance data.

Centerstone has sent the breach report to the HHS’ Office for Civil Rights, nevertheless, the incident is not yet posted on the OCR breach site. Hence, it is uncertain how many persons were impacted. Centerstone explained it has put in place extra safeguards to better safeguard its email system.

Breach of Employee Email Account at Southwest Behavioral & Health Services

Southwest Behavioral & Health Services based in Phoenix, Az offers outpatient mental health therapy and psychiatric services. It lately advised 1,337 people regarding an unauthorized third party that obtained access to the email account of a worker. The email account comprised individuals’ names, birth dates, addresses, email addresses, telephone numbers, resume data, medical diagnosis details, and Social Security numbers.

The breach was noticed on July 15, 2022. It was affirmed to have happened on May 5, 2022. The organization delivered notification letters to affected people on August 1, 2022. There was no proof discovered that suggests the theft of any PHI; nonetheless, as a safety measure, impacted persons were provided a free identity theft protection services membership via IDX.

Southwest Behavioral & Health Services stated additionally that safety measures were carried out to stop other email data breaches and more security awareness training was given to the staff.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at