CKF Addiction Treatment, Inc. disclosed a recent data breach to the U.S. Department of Health and Human Services Office for Civil Rights on November 17, 2023. The breach allowed an unauthorized party to access sensitive consumer information, compelling CKF to initiate data breach notification procedures.
The incident, categorized as a “Hacking / IT incident,” targeted one or more email accounts, with limited specifics disclosed regarding its origin—whether it directly targeted CKF or involved a vendor handling CKF’s confidential data.
In response to the breach, CKF Addiction Treatment conducted a comprehensive review of compromised files to assess the leaked information and identify affected consumers. Although the filing did not specify the breached data types, incidents involving protected health information (PHI) affecting 500 or more individuals mandate reporting to HHS, implying the probable involvement of PHI and potentially other data.
On November 17, CKF commenced issuing data breach notification letters directly to impacted individuals, detailing the compromised information specific to each victim. While the HHS filing lacked details on the leaked data types, the notification letters aim to provide comprehensive information to affected parties.
Established in 1967, CKF Addiction Treatment, based in Salina, Kansas, specializes in mental health and behavioral services focusing on substance abuse disorders. With locations in Salina, Abilene, and McPherson, CKF offers residential and outpatient rehabilitation, alongside recovery coaching services. Employing over 33 individuals, the organization generates an annual revenue of approximately $5 million.