The Hoffman Corp. has reported that they had fallen victim to a data breach that undermined the healthcare statements of an indefinite number of workers.
The corporation, one of the largest general contractors headquartered in the Pacific Northwest detected in December that an illegitimate actor had gained unauthorized access to the data that was linked to their self-insured health plan in August.
Vulnerable healthcare data:
An assortment of private data was apparently compromised which included details like employee names, addresses, dates of birth, Social Security numbers, and benefits information
While giving the details about the data breach, the company said that right after the data breach was detected, all the impacted systems and networks were disabled and taken security actions against.
A prompt data breach investigation was also initiated by Hoffman.
Cybersecurity and data breach experts consulted by the organization are yet to confirm any evidence suspecting whether any of the health care data was even observed by threat actors, much less exploited.
However, as a precautionary measure, Hoffman Corp has instructed workers and employees, current and former, to review and analyze any suspicious statements and records received from their health insurers and health providers. This also includes the employees’ extended dependents and beneficiaries.
Healthcare information is an individual’s private, sensitive data and these should never be compromised.
There have been multiple scenarios where healthcare data has been exploited and held vulnerable by threat actors to create lines of credit under fake names.
There is a rather affluent and thriving black market for names, addresses, and matching Social Security numbers of many US citizens.
The Corp has stated that they are in the process of apprising the impacted and affected individuals whose information was involved in this incident and will offer them a complimentary one-year membership of identity theft security and credit tracking services.
Hoffman Corp has apologized for the data breach incident and has assured that they have started implementing additional defenses, cybersecurity, and cyber protection measures to improve their cyber health against any future data breach and cybersecurity attacks.