An email phishing incident may have compromised the protected health information of about 300,000 members of Pittsburgh-based Highmark Health, a spokesperson told Becker's.
Between Dec. 13 and Dec. 15, a hacker got access to files containing members' data after sending a malicious phishing link to an employee's email, according to the statement.
The health system said the compromised data may have included such information as procedures, prescriptions, passport numbers, Social Security numbers and financial information. The organization said it isn't aware of any of the data being misused.
"Highmark takes the security of member information seriously and has implemented a robust action plan to bolster employee training on phishing email threats to prevent future incidents of this nature," the statement said.
The breach was first reported Feb. 5 by DataBreaches.net.