Over 200,000 Individuals Potentially Affected by ClearBalance Phishing Attack
San Diego, CA-based ClearBalance, a loan provider that helps patients spread the cost of their hospital bills, was the victim of a phishing attack on March 8, 2021 where employees were tricked into disclosing their login credentials.
ClearBalance identified the email security breach on April 26, 2021 when the attacker attempted to make a fraudulent wire transfer. Steps were immediately taken to secure the email environment and prevent further unauthorized access, and the attempted wire transfer failed. No funds were transferred to the attacker’s account.
A third-party computer forensic investigator was engaged to investigate the breach and to determine whether the attacker accessed or obtained any sensitive data. The investigator confirmed that the breach was limited to the email environment and no other systems were affected and that the unauthorized individual had been ejected from email accounts the day the breach was detected.
The attacker was not able to gain access to the database that hosts the medical record systems of any healthcare providers; however, some sensitive data was present in emails and attachments which were potentially accessed. A review of the contents of the email accounts revealed they contained the following data elements:
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Names, tax IDs, Social Security numbers, dates of birth, government-issued ID numbers, telephone numbers, healthcare account numbers, balance amounts, dates of service, ClearBalance loan numbers and balances, personal banking information, clinical information, health insurance information, and full-face photographic images. The majority of individuals did not have PHI in particular impacted.
Security safeguards have been enhanced to better protect the email environment and personal data, all user passwords have been changed, stronger access controls have been implemented on the network, and procedures for reporting suspicious activity have been updated.
The purpose of the attack appears to have been to make fraudulent wire transfers rather than to obtain sensitive data; however, as a precaution against identity theft and fraud, ClearBalance has offered affected individuals complimentary identity theft protection services, 24 months of credit monitoring services, and cover with an identity theft insurance reimbursement policy.
The breach has been reported to the HHS’ Office for Civil Rights as affecting 209,719 individuals.
