Biomarin Pharmaceutical, based in Novato, CA-based has discovered two staff email accounts have been compromised due to a phishing attack in which a non-permanent employee’s login details were obtained by the hacker.
The attack was noticed on June 21, 2018 and swift action was taken to stop additional unauthorized account access. The investigation into the breach showed that the email accounts had been accessed by an unauthorized person, but it was not possible to discover whether any emails were opened or copied by the hacker.
A review of the compromised accounts suggests a document including names, health insurance data and Social Security numbers may have been on one or both email accounts when the breach occurred.
Due to the nature of impacted data, affected individuals have been advised to implement a fraud alert on their credit files as a precaution against identity theft and fraud and advised to monitor explanation of benefits statements from insurers for medical services which have not been administered.
Biomarin Pharmaceutical has now fully protected its network and has taken measures to stop additional email account breaches.
Meanwhile Portland, OR-based Envision Healthcare Corporation is contacting current and former providers, affiliates, and job applicants to advise them that some of their personal information may have been impacted. The information was included in email accounts which, it has recently been discovered, have been accessed by an unauthorized person.
The email accounts were infiltrated by a third party in July 2018 and included information such as as names, birth dates, Social Security numbers, driver’s license details and financial information. To data, no proof has been discovered to suggest any information has been stolen and misused, although as a precautionary measure against identity theft and fraud, those impacted have been offered complimentary identity theft and credit monitoring services through Experian IdentityWorks’ Credit 3B service.
Envision Healthcare Corporation has already implemented measures to secure its systems and is considering employing the use of multi-factor authentication.