Cummins Behavioral Health Systems Data Breach Investigation

Turke & Strauss LLP, a leading data breach law firm, is investigating Cummins Behavioral Health Systems, Inc. regarding its recent data breach. The Cummins Behavioral Health Systems data breach involved sensitive personal identifiable information and protected health information belonging to over 157,000 individuals.

ABOUT CUMMINS BEHAVIORAL HEALTH SYSTEMS:

Cummins Behavioral Health Systems is a health care provider specializing in behavioral health and addiction services for people of all ages. Accordingly, Cummins Behavioral Health Systems offers various forms of therapy, substance abuse treatment options, psychiatric services, and more. Founded in 1972, Cummins Behavioral Health Systems provides a wide range of resources, including school-based programs, employment tools, and an on-site pharmacy. Headquartered in Avon, Indiana, Cummins Behavioral Health Systems operates several satellite locations to serve individuals throughout Hendricks, Montgomery, Putnam, Marion, and Boone counties.

WHAT HAPPENED?

On or about March 9, 2023, Cummins Behavioral Health Systems discovered that it had experienced a data breach in which the sensitive personal identifiable information and protected health information in its systems may have been accessed. Through its investigation, Cummins Behavioral Health Systems determined that an unauthorized actor may have accessed this sensitive information through a ransomware attack between February 2 and March 9, 2023. On August 11, 2023, Cummins Behavioral Health Systems began contacting individuals whose information may have been impacted. The type of information exposed includes:

• Name
• Social Security number
• Address
• Date of birth
• Driver’s license or state identification number
• Passport information
• Financial account information
• Payment card information
• Usernames and passwords
• Biometric information
• Health insurance information
• Medical information