Highmark Health Insurance Company Announces Malicious Phishing Data Breach

On Friday 2/10/2023, Highmark, a Pittsburgh-based health insurer, announced that due to a malicious phishing email request, private information of about 300,000 Highmark customers has been disclosed. The private information includes names, medical claims and treatment-related information, driver's license numbers, financial information and social security numbers. Highmark said that to date, no evidence of fraudulent use of the data has been found.

When Did They Learn About the Data Breach?

Highmark said it learned of the breach on December 15th and that the incident had occurred within the previous two days. The company then took several steps in response: it put new controls in place to prevent future incidents of this nature, hired an outside firm to determine the full impact of the breach, and is notifying affected customers by mail this week.

A Highmark spokesman stated that the investigation and notification process took more than a month, and that their notification of members is within timeframes required by federal law. Highmark said it is taking the security of member information seriously and has implemented a robust action plan to bolster employee training on phishing email threats.

If customers have questions, Highmark encourages them to call 800-459-4092.

Cyber Security Expert Analysis On Malicious Phishing Data Breaches

I reached out to Cyber Security expert Chris Close at Cyber Sleuth Security to discuss data breaches that stem from malicious phishing attacks.

Jason: What are some of the most common types of malicious phishing data breaches?

CEO of Cyber Sleuth Security: Malicious phishing data breaches can be classified into several different categories. The most common types of malicious phishing data breaches are credential theft, ransomware attacks, and malicious email campaigns. Credential theft occurs when hackers gain access to a user’s account, allowing them to access the user’s personal information, passwords, and other sensitive data. Ransomware attacks involve the encryption of a user’s data and the demand of a ransom in exchange for access to the data. Malicious email campaigns are when hackers send malicious emails with malicious attachments or links, which can lead to the infection of a user’s computer with malware.

Jason: What can businesses do to prevent malicious phishing data breaches?

CEO of Cyber Sleuth Security: The best way to prevent malicious phishing data breaches is to implement strong security measures and keep employees informed of the latest cyber security threats. It’s important for businesses to invest in a comprehensive security solution that can detect and prevent malicious phishing attacks. Additionally, businesses should educate their employees about the dangers of phishing and train them to recognize suspicious emails and links. Businesses should also regularly update their security systems, software, and devices to ensure that they are protected against the latest threats. We have several insurance-based clients who use our holistic cyber security protection software to monitor, quarantine and deal with malicious phishing data breaches before they become an issue.

Jason: What are the consequences of a malicious phishing data breach?

CEO of Cyber Sleuth Security: The consequences of a malicious phishing data breach can be severe. Businesses may suffer reputation damage, financial losses, and disruption to operations. Additionally, if sensitive customer data is compromised, businesses could be subject to data protection regulations and penalties. Malicious phishing attacks can also lead to the spread of malware and other malicious code, which can cause further damage to a business’s systems and data.
