Turning Point Clinic, Baltimore’s largest drug-treatment clinic, fell victim to a cyberattack in April that may have allowed hackers to access and copy patients’ information, officials announced this week.
The clinic on E. North Avenue, opened in 2003 by New Life Evangelical Baptist Church to treat opioid addiction, employs 145 people and serves nearly 3,000 patients a day.
Officials learned of the cyberattack April 5 from the clinic’s information-technology provider, Dataprise, and hired a cybersecurity firm, Blue Team Alpha, the following day.
“The hackers knew that we caught them in the act because they attempted to kick us out from our computer systems on April 6,” Turning Point said in a news release. “Perhaps, this is the reason why, to date, no demand for ransom has been made.”
The hackers bypassed antivirus software and a firewall, exploiting an open server port, Turning Point said. The clinic said the server port was shut down to regain control of its systems and prevent future attacks.
“This cyberattack was not caused by Turning Point Clinic’s action or inaction,” the clinic said.
It was not clear exactly how many patients’ information might have been compromised, but Turning Point’s director of technology, Wei Wu, said the number could be in the hundreds.
The information accessed and possibly copied was limited to “only the [patients’] names and Turning Point IDs,” he said.
“We caught it live,” Wu said. “We caught this right on time. We immediately shut down the system. ... We still have our data.”
Wu did not respond to a follow-up question about whether or when affected patients were notified of the breach, beyond the clinic’s news release Friday.
The Rev. Milton E. Williams, Jr., the church and clinic’s founder and CEO, did not respond to an interview request Friday. He told The Sun in 2019 that the East Baltimore clinic is the country’s largest.
Latest Baltimore City
Baltimore Police spokeswoman Detective Chakia Fennoy said the department had no record of being called to assist the clinic with the cyberattack.