hiveleak attacks Behavioral Health System

Incident Date:

July 14, 2022

World map



hiveleak attacks Behavioral Health System


Behavioral Health System




Birmingham, USA

Alabama, USA

First Reported

July 14, 2022

Behavioral Health System Targeted by Hiveleak Ransomware Group

Company Overview

Behavioral Health System, a healthcare provider based in Maryland, offers a comprehensive suite of services aimed at supporting mental health. These services include psychotherapy, medication management, and psychiatric evaluations, catering to individuals seeking mental health support.

Impact of the Attack

The ransomware attack orchestrated by the Hiveleak group has led to the encryption of vital electronic health records and company files, compromising the data integrity of over 14,000 individuals. This disruption has severely impacted patients, restricting access to their medical records, which is crucial for making informed health decisions.

Vulnerabilities and Mitigation

This incident brings to light the escalating threat of ransomware attacks within the healthcare sector. In response, the Office for Civil Rights (OCR) advises all covered entities to reassess vendor relationships, adopt multi-factor authentication, and conduct regular audits of information system activities to bolster cybersecurity defenses.

Following the attack, the HHS Office for Civil Rights (OCR) concluded a ransomware investigation with Behavioral Health System. The settlement required the healthcare provider to pay $40,000 and undertake corrective measures to rectify potential violations of the Health Insurance Portability and Accountability Act (HIPAA). This settlement is notable as it represents only the second instance of such an agreement following a ransomware attack investigation by OCR.

The ransomware attack on Behavioral Health System emphasizes the critical need for stringent cybersecurity protocols in the healthcare industry. With ransomware groups increasingly targeting healthcare providers, it is imperative for these organizations to elevate their cybersecurity posture and adhere to best practices to safeguard sensitive patient information.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.