The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Email Accounts Compromised at Biomarin Pharmaceutical and Envision Healthcare Corporation

Posted By on Oct 12, 2018

Novato, CA-based Biomarin Pharmaceutical has discovered two employee email accounts have been compromised as a result of a phishing attack in which a temporary employee’s login credentials were obtained by the attacker.

The attack was discovered on June 21, 2018 and immediate action was taken to prevent further unauthorized account access. The investigation into the breach determined that the email accounts had been accessed by an unauthorized individual, but it was not possible to tell whether any emails were opened or copied by the attacker.

An analysis of the compromised accounts suggests a document containing names, health insurance information and Social Security numbers may have been in one or both email accounts at the time the breach.

Due to the nature of exposed data, affected individuals have been advised to place a fraud alert on their credit files as a precaution against identity theft and fraud and urged to monitor explanation of benefits statements from insurers for medical services which have not been received.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Biomarin Pharmaceutical has now secured its network and has taken steps to prevent further email account breaches.

Envision Healthcare Corporation Email Accounts Compromised

Portland, OR-based Envision Healthcare Corporation is notifying current and former providers, affiliates, and job applicants that some of their personal information may have been compromised. The information was contained in email accounts which have recently found to have been accessed by an unauthorized individual.

The email accounts were accessed by a third party in July 2018 and contained information such as names, birth dates, Social Security numbers, driver’s license numbers and financial information. To data, no evidence has been uncovered to suggest any information has been stolen and misused, although as a precaution against identity theft and fraud, affected individuals have been offered complimentary identity theft and credit monitoring services through Experian IdentityWorks’ Credit 3B service.

Envision Healthcare Corporation has already taken steps to secure its systems and is evaluating the implementation of multi-factor authentication.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist