A potential security breach at the Union Labor Life Insurance, a subsidiary of Ullico, has affected the personal information of 87,400 patients. The incident occurred after an employee responded to a phishing email.
According to the breach notification, Ullico Inc. revealed that the breach took place on April 1, 2019. The targeted employee opened a malicious link in the phishing email that appeared to be from a trusted business partner.
This malicious link redirected the victim to a legitimate-looking fake file-sharing website, which asked for login credentials.
What data was compromised?
As soon as the login credentials were provided on the fake website, the hacker was able to access the employee’s email account and collect all the sensitive information. The compromised data included plan member names, addresses, dates of birth, Social Security numbers, and personal health information of the individuals and their family members.
“This information was in the possession of the Company in connection with the Company’s group life and medical stop loss insurance products,” said the company in its notification.
How did the company respond?
The company had disabled the affected email account within 90 minutes of the unauthorized access. In addition, the employee’s computer was also disconnected from the company’s network. It has also begun investigating the matter and at the same time is notifying the affected patients.
The company will offer 24 months of free credit monitoring and identity theft protection services to the patients who are affected by the breach.