HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Email Accounts Compromised at Biomarin Pharmaceutical and Envision Healthcare Corporation

Novato, CA-based Biomarin Pharmaceutical has discovered two employee email accounts have been compromised as a result of a phishing attack in which a temporary employee’s login credentials were obtained by the attacker.

The attack was discovered on June 21, 2018 and immediate action was taken to prevent further unauthorized account access. The investigation into the breach determined that the email accounts had been accessed by an unauthorized individual, but it was not possible to tell whether any emails were opened or copied by the attacker.

An analysis of the compromised accounts suggests a document containing names, health insurance information and Social Security numbers may have been in one or both email accounts at the time the breach.

Due to the nature of exposed data, affected individuals have been advised to place a fraud alert on their credit files as a precaution against identity theft and fraud and urged to monitor explanation of benefits statements from insurers for medical services which have not been received.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Biomarin Pharmaceutical has now secured its network and has taken steps to prevent further email account breaches.

Envision Healthcare Corporation Email Accounts Compromised

Portland, OR-based Envision Healthcare Corporation is notifying current and former providers, affiliates, and job applicants that some of their personal information may have been compromised. The information was contained in email accounts which have recently found to have been accessed by an unauthorized individual.

The email accounts were accessed by a third party in July 2018 and contained information such as names, birth dates, Social Security numbers, driver’s license numbers and financial information. To data, no evidence has been uncovered to suggest any information has been stolen and misused, although as a precaution against identity theft and fraud, affected individuals have been offered complimentary identity theft and credit monitoring services through Experian IdentityWorks’ Credit 3B service.

Envision Healthcare Corporation has already taken steps to secure its systems and is evaluating the implementation of multi-factor authentication.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.