Patient Care Disrupted by Cyberattack on BHG Opioid Treatment Network

Patient Care Disrupted by Cyberattack on BHG Opioid Treatment Network

A hack on the opioid treatment network Behavioral Health Group resulted in a nearly week-long outage of IT infrastructure and patient care. With more than 80 clinics in seventeen states, Behavioral Health Group (BHG) is one of the largest networks of outpatient opioid treatment facilities in the United States. BHG was hit by a cyberattack last week, forcing them to shut down parts of their IT network to prevent the attack from spreading.

Some clinics were affected by the computer outage, which prevented patients from obtaining their regularly prescribed take-home doses of methadone or suboxone, which are used to treat narcotic addiction. Patients beginning an opioid addiction treatment plan receive their dosages at a clinic. On the other hand, patients on a stable treatment plan can obtain take-home dosages for in-home use.

While some BHG clinics could deliver take-home dosages, numerous patients stated on Reddit [1, 2, 3] that their clinics could not supply the often prescribed drug because the computers were down and printers could not generate prescription labels. Patients said the IT outage and absence of take-homes caused them much pain and worry over the last week because they couldn’t go to the clinic to get their dosages every day due to work or other obligations.

Behavioral Health Group revealed that a security problem affecting our network is being investigated by BHG. After learning about the event, they took some systems down out of an excess of caution and initiated a comprehensive investigation with premier information security professionals. When questioned for more details on the sort of cyberattack and when it happened, BHG said they couldn’t since the investigation was still underway.

The nature of the problem has not been disclosed by BHG. However, it was most likely triggered by a ransomware attack. Some ransomware gangs pledge not to target healthcare facilities, and if they do, they will supply a key for recovery. Other ransomware operations, such as Hive or Vice, are unconcerned about who they attack and demand victims to pay regardless of the actual harm they do.

Moreover, when ransomware operations are carried out, threat actors frequently grab unencrypted data and documents before encrypting devices. Threatening to reveal data if a ransom is not paid, the stolen data is used as leverage. The revelation of stolen data can substantially impact a firm, resulting in a data breach and the possibility of legal action. However, the actual cost is borne by patients whose sensitive information may be made public.


Some BHG patients worry that if threat actors obtained their data, it would expose their addiction and treatment to friends, family, and employers.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.