Highmark Data Breach Impacts an Estimated 300,000 Patients’ Data

Highmark recently announced that they were one of the recent victims of a sensitive data breach.

According to their filing, the data breach was a result of a phishing attack, which compromised an employee email account.

The breach gave perpetrators access to an estimated 300,000 records of patients’ data which may have included their full names, social security numbers, financial information, insurance information and protected health information.

Per the filing, Highmark began notifying those who were impacted by the incident via data breach notification letters. Highmark’s filing provides additional details pertaining to the data breach including the fact that the organization first learned about the incident on December 15, 2022.

Following their investigation, Highmark determined that the incident was caused by a malicious email that had been sent to one of their employee’s email addresses.

Furthermore, the investigation concluded that their employee’s account had been compromised and accessed by perpetrators between December 13, 2022, and December 15, 2022. 

As victims of the data breach, 300,000 consumers may now be subjected to increased risk of potential identity theft and fraud. Whether you are impacted by this incident or others, here are three simple, yet effective steps you can take to mitigate the associated risks of a data breach.

  1. Self-Audit – Periodically review all your subscriptions and account details. We recommend that, wherever possible, you deactivate accounts that are no longer being used.
  2. Password Security – In addition to reviewing your subscriptions, make sure to evaluate the password “health” for each account (including password reuse, history, complexity, and age).
  3. React Quickly –Being prepared is always the best defense, but if you have been notified of a breach or suspect that you are a potential victim, immediately work to change your password and email address subject to the breach.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our?Digital Forensics and Incident Response?teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind. 

Want to be in the know? Subscribe to our bi-weekly newsletter,?Focus on Cybersecurity, at?www.schneiderdowns.com/subscribe

To learn more, visit our dedicated Cybersecurity page. 


You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Get the Low Down Before You Download: Exploring the Temu App’s Security Risks
Six-Figure Ransomware Attack Hits Washington County, PA
Romance Scams: Guarding Your Heart and Wallet
A First of Its Kind: The $25 Million Deepfake Scam
Fortifying Retail Security: Essential Cybersecurity Tools and Software
Defend Your Dollars and Data: How to Avoid IRS Impersonation Scams
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.