Email Accounts Compromised at Biomarin Pharmaceutical and Envision Healthcare Corporation

Share this article on:

Novato, CA-based Biomarin Pharmaceutical has discovered two employee email accounts have been compromised as a result of a phishing attack in which a temporary employee’s login credentials were obtained by the attacker.

The attack was discovered on June 21, 2018 and immediate action was taken to prevent further unauthorized account access. The investigation into the breach determined that the email accounts had been accessed by an unauthorized individual, but it was not possible to tell whether any emails were opened or copied by the attacker.

An analysis of the compromised accounts suggests a document containing names, health insurance information and Social Security numbers may have been in one or both email accounts at the time the breach.

Due to the nature of exposed data, affected individuals have been advised to place a fraud alert on their credit files as a precaution against identity theft and fraud and urged to monitor explanation of benefits statements from insurers for medical services which have not been received.

Biomarin Pharmaceutical has now secured its network and has taken steps to prevent further email account breaches.

Envision Healthcare Corporation Email Accounts Compromised

Portland, OR-based Envision Healthcare Corporation is notifying current and former providers, affiliates, and job applicants that some of their personal information may have been compromised. The information was contained in email accounts which have recently found to have been accessed by an unauthorized individual.

The email accounts were accessed by a third party in July 2018 and contained information such as names, birth dates, Social Security numbers, driver’s license numbers and financial information. To data, no evidence has been uncovered to suggest any information has been stolen and misused, although as a precaution against identity theft and fraud, affected individuals have been offered complimentary identity theft and credit monitoring services through Experian IdentityWorks’ Credit 3B service.

Envision Healthcare Corporation has already taken steps to secure its systems and is evaluating the implementation of multi-factor authentication.

Author: HIPAA Journal

Share This Post On