ClearBalance, a loan provider that helps patients finance hospital bills, on July 9 began notifying 209,719 patients that their data was breached in a phishing attack.
Four things to know:
- A phishing incident on March 8 gave an unauthorized third party access to the firm's email accounts until the breach was discovered April 26, according to a July data breach notice.
- On April 26, the company detected an attempted unauthorized wire transfer of ClearBalance funds, but the hackers were unsuccessful.
- The company hired a forensic investigator, which uncovered that accessed email accounts contained personal information. The hack did not involve the database that hosts the medical record systems of any hospital or healthcare provider. Exposed data may include Social Security numbers, driver's license information, healthcare account numbers and more.
- In response to the breach, the company changed the passwords for the hacked email accounts. The company also implemented stronger access controls to its network and updated its procedures for reporting suspicious activity. The email network was secured April 26, the investigation determined.