Health First revealed that a data breach that affected its online application vendor, may have compromised the personal data of around 42,000 customers. The firm claimed that the data breached included customers’ Social Security Numbers, addresses and dates of birth.
However, the healthcare organization claims that no medical information was compromised in the breach. The data breach occurred between February and May in 2018. The attack was made possible when a small number of employees received phishing emails. These bogus emails made a way for attackers who could obtain access to customers’ sensitive data.
"Based on a forensic review, it is believed that a limited number of emails were viewed and the criminals did not appear interested in obtaining personal data but focused on continuing their phishing scam," said Matthew Gerrel, senior vice president of consumer and retail services at Health First, Florida Today reported.
As a precautionary measure, Health First notified the customers potentially affected by the breach. The healthcare organization said that it is doing its best to protect the data from future attacks. It has blocked access to the affected email accounts and changed the passwords as well.
"Once we learned of the event, we blocked the unauthorized access and changed the passwords of the impacted employees’ email accounts. We are initiating new security measures to prevent a similar event from happening again," said Gerrel.
Health First is also offering free identity protection services to the impacted customers, for a year.
"We apologize for this breach and assure our customers we are doing all we can to protect their health and information. However, as some accounts contained Protected Health Information we have notified the potentially impacted customers" Health First said.