People Inc., one of the largest non-profit health and human services providers based in New York, has disclosed a data breach that exposed confidential medical information concerning its former and current clients.
In an article published by ZNet, the data breach was said to have been first discovered on Feb 19, 2019, revealing that an unauthorized person had gained access to an employee’s email account. Upon further investigation, a second account is also believed to have been compromised, but the company has not been able to verify it yet.
The email accounts contain personal information of nearly 1,000 clients, including their names, addresses, Social Security numbers, bank account information, medical information, government IDs, and many more.
Upon discovery, People Inc. responded quickly by resetting the passwords of the affected accounts, conducting a comprehensive investigation, and hiring an independent forensic investigation firm. The organisation has also notified the Federal Bureau of Investigation and reported the incident through the Health and Human Services Office for Civil Rights’ breach portal.
In a statement, People Inc. explains:
“People Inc. has no evidence indicating that any information aside from the information contained within the two employee email accounts was impacted in connection with this incident.
“In addition, People Inc. has no evidence that any of the information potentially involved in this incident has been misused. People Inc. has reported this matter to the FBI and will cooperate as necessary to hold the perpetrators accountable.”
On May 29, the organisation informed potentially affected clients about the security issues. In the notice, People Inc. adds: “We suggest that you review your debit and credit card statements carefully in order to identify any unusual activity. If you see anything that you do not understand or that looks suspicious, you should contact the issuer of the debit or credit card immediately.”
Commenting on the information security issue, Jonathan Deveaux, Head of Enterprise Data Protection at Comforte AG, explains: “It’s about the data. Hackers and attackers don’t care what kind of business you run; they only care about the data you have. Many past news headlines have been about credit card numbers stolen during data breaches, but what’s trending up lately is unauthorized access to personal identification information (PII).”
As of now, the company has not received any report of misuse of the leaked information.