US building contractor Hoffman Construction has gone public about a data breach that affected the healthcare records of an unspecified number of employees.
Hoffman discovered in December that an unauthorized party had accessed data related to its self-insured health plan in early August.
A variety of sensitive information records were exposed as a result including employee names, addresses, dates of birth, Social Security numbers, and benefits information.
In a breach notification statement, Hoffman said that as soon as it discovered the problem it “disabled the affected systems, took steps to secure our network, and began an investigation”.
Computer forensics experts brought in by Hoffman are yet to uncover evidence that sensitive health plan-related data has actually viewed by an attacker, much less abused.
Nonetheless, as a precaution, Hoffman is advising current and former employees, plus their beneficiaries and dependents, to “review any statements that they receive from their healthcare providers or health insurer”.
Detailed personal information is often abused by identity thieves who establish lines of credit under false names. There is a thriving underground market for names, addresses, and matching Social Security numbers of US citizens.
Hoffman said it was in the process of notifying individuals whose information was involved in this incident, and is offering them a complimentary one-year membership of credit monitoring and identity theft protection services.
The building contractor went on to apologize for any inconvenience caused by those affected, before offering assurance that it has already “implemented additional safeguards and technical security measures to further enhance the security of its network” in order to minimize the risk of further attacks.
The Daily Swig invited Hoffman to say how many records were potentially exposed by the breach. There’s no word back as yet but we’ll update this story as and when more information comes to hand.
Source: https://portswigger.net/daily-swig/hoffman-construction-shores-up-its-defense-systems-after-employee-healthcare-data-breach