Highmark recently announced that they were one of the recent victims of a sensitive data breach.
According to their filing, the data breach was a result of a phishing attack, which compromised an employee email account.
The breach gave perpetrators access to an estimated 300,000 records of patients’ data which may have included their full names, social security numbers, financial information, insurance information and protected health information.
Per the filing, Highmark began notifying those who were impacted by the incident via data breach notification letters. Highmark’s filing provides additional details pertaining to the data breach including the fact that the organization first learned about the incident on December 15, 2022.
Following their investigation, Highmark determined that the incident was caused by a malicious email that had been sent to one of their employee’s email addresses.
Furthermore, the investigation concluded that their employee’s account had been compromised and accessed by perpetrators between December 13, 2022, and December 15, 2022.
As victims of the data breach, 300,000 consumers may now be subjected to increased risk of potential identity theft and fraud. Whether you are impacted by this incident or others, here are three simple, yet effective steps you can take to mitigate the associated risks of a data breach.
- Self-Audit – Periodically review all your subscriptions and account details. We recommend that, wherever possible, you deactivate accounts that are no longer being used.
- Password Security – In addition to reviewing your subscriptions, make sure to evaluate the password “health” for each account (including password reuse, history, complexity, and age).
- React Quickly –Being prepared is always the best defense, but if you have been notified of a breach or suspect that you are a potential victim, immediately work to change your password and email address subject to the breach.
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our?Digital Forensics and Incident Response?teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
Want to be in the know? Subscribe to our bi-weekly newsletter,?Focus on Cybersecurity, at?www.schneiderdowns.com/subscribe.
To learn more, visit our dedicated Cybersecurity page.
