Highmark Data Breach Impacts an Estimated 300,000 Patients’ Data

Cybersecurity, Health Care
by Han Jumashov
share with a colleague Download PDF

Highmark recently announced that they were one of the recent victims of a sensitive data breach.

According to their filing, the data breach was a result of a phishing attack, which compromised an employee email account.

The breach gave perpetrators access to an estimated 300,000 records of patients’ data which may have included their full names, social security numbers, financial information, insurance information and protected health information.

Per the filing, Highmark began notifying those who were impacted by the incident via data breach notification letters. Highmark’s filing provides additional details pertaining to the data breach including the fact that the organization first learned about the incident on December 15, 2022.

Following their investigation, Highmark determined that the incident was caused by a malicious email that had been sent to one of their employee’s email addresses.

Furthermore, the investigation concluded that their employee’s account had been compromised and accessed by perpetrators between December 13, 2022, and December 15, 2022. 

As victims of the data breach, 300,000 consumers may now be subjected to increased risk of potential identity theft and fraud. Whether you are impacted by this incident or others, here are three simple, yet effective steps you can take to mitigate the associated risks of a data breach.

  1. Self-Audit – Periodically review all your subscriptions and account details. We recommend that, wherever possible, you deactivate accounts that are no longer being used.
  2. Password Security – In addition to reviewing your subscriptions, make sure to evaluate the password “health” for each account (including password reuse, history, complexity, and age).
  3. React Quickly –Being prepared is always the best defense, but if you have been notified of a breach or suspect that you are a potential victim, immediately work to change your password and email address subject to the breach.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our?Digital Forensics and Incident Response?teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind. 

Want to be in the know? Subscribe to our bi-weekly newsletter,?Focus on Cybersecurity, at?www.schneiderdowns.com/subscribe

To learn more, visit our dedicated Cybersecurity page. 

 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Cybersecurity, IT Risk Advisory, Risk Advisory/Internal Audit BY Nathan Shepler
8 Key Considerations When Reviewing User Access
read more >
Cybersecurity, IT Risk Advisory BY Madeline Adamczyk
Allegheny County Marriage License Data Leak May Affect Recent Newlyweds
read more >
Cybersecurity, Health Care BY Daniel Hooven
$1 Billion a Day: Unpacking the Financial Aftershock of the Change Healthcare Cyber-Attack
read more >
Cybersecurity, IT Risk Advisory, Retail BY Madeline Adamczyk
Get the Low Down Before You Download: Exploring the Temu App’s Security Risks
read more >
Cybersecurity BY Nicholas DeLuca
Six-Figure Ransomware Attack Hits Washington County, PA
read more >
Cybersecurity BY Daniel Hooven
Romance Scams: Guarding Your Heart and Wallet
read more >
Register to receive our weekly newsletter with our most recent columns and insights.
subscribe for updates
most recent
Investment Corner with Jason & Sean: U.S. Small Cap Equities
Wealth Management
By Jason Staley | 4.23.2024

Learn more about the comprehensive history of technology and how it has directly shaped the realm of investing. ...

read more
most popular
Dynamics 365 Business Central 2024 Release Wave 1: Top 5 Features
Consulting, Digital & Technology
By Michael Scalamogna | 4.23.2024

Learn more about the top five new artificial intelligence features of wave one of the 2024 release of Dynamics 365 Business Central. ...

read more
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Pittsburgh
Columbus
Metropolitan Washington
Image of Prime Global Logo
follow us client portal

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×
Accept