HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Over 200,000 Individuals Potentially Affected by ClearBalance Phishing Attack

San Diego, CA-based ClearBalance, a loan provider that helps patients spread the cost of their hospital bills, was the victim of a phishing attack on March 8, 2021 where employees were tricked into disclosing their login credentials.

ClearBalance identified the email security breach on April 26, 2021 when the attacker attempted to make a fraudulent wire transfer. Steps were immediately taken to secure the email environment and prevent further unauthorized access, and the attempted wire transfer failed. No funds were transferred to the attacker’s account.

A third-party computer forensic investigator was engaged to investigate the breach and to determine whether the attacker accessed or obtained any sensitive data. The investigator confirmed that the breach was limited to the email environment and no other systems were affected and that the unauthorized individual had been ejected from email accounts the day the breach was detected.

The attacker was not able to gain access to the database that hosts the medical record systems of any healthcare providers; however, some sensitive data was present in emails and attachments which were potentially accessed. A review of the contents of the email accounts revealed they contained the following data elements:

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Names, tax IDs, Social Security numbers, dates of birth, government-issued ID numbers, telephone numbers, healthcare account numbers, balance amounts, dates of service, ClearBalance loan numbers and balances, personal banking information, clinical information, health insurance information, and full-face photographic images. The majority of individuals did not have PHI in particular impacted.

Security safeguards have been enhanced to better protect the email environment and personal data, all user passwords have been changed, stronger access controls have been implemented on the network, and procedures for reporting suspicious activity have been updated.

The purpose of the attack appears to have been to make fraudulent wire transfers rather than to obtain sensitive data; however, as a precaution against identity theft and fraud, ClearBalance has offered affected individuals complimentary identity theft protection services, 24 months of credit monitoring services, and cover with an identity theft insurance reimbursement policy.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 209,719 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.