Unauthorized Access at Bloom Health Centers: A Timeline of the Incident and Steps Taken to Support Impacted Individuals

On November 1, 2023, suspicious activity was detected in a user’s email mailbox affiliated with Bloom Health Centers, prompting the company to take immediate action. The company worked with a computer forensics firm to determine the extent of the incident and whether any protected information had been accessed.

After a thorough investigation, Bloom Health confirmed on December 6, 2023 that one employee’s mailbox had been accessed without authorization. Efforts to identify and notify individuals whose information was compromised were finalized on June 10, 2024.

Bloom Health Centers takes data security seriously and is committed to assisting those impacted by this incident. Resources are available to provide support and guidance to affected individuals. The potentially affected information included names, addresses, health insurance details, Medicaid/Medicare information, medical information such as diagnoses, prescriptions, treatments, and procedures. In some cases, Social Security numbers, payment card numbers, and/or driver’s license numbers may have also been compromised.

Patients who were originally seen at companies acquired by Bloom Health Centers may be affected by this incident. These companies include Psych Associates of Maryland, Comprehensive Behavioral Health and Kraus Behavioral Health.