Email phishing attack impacts over 200,000 ClearBalance patients

Written by Sara Nguyen | July 21, 2021

ClearBalance is a patient financing company that has recently reported an email data breach which led to over 200,000 patients' sensitive information being exposed to cybercriminals.

What happened at ClearBalance?

In its security incident report, ClearBalance explains that on April 26, 2021, the company noticed and prevented an unauthorized wire transfer from removing money from ClearBalance funds. An investigation revealed that an email phishing attack tricked employees into giving their login credentials to hackers. Hackers had access to ClearBalance emails for about 7 weeks in March and April before being detected. The investigation determined that the hack was limited to the email environment only, and the hackers didn't receive access to other network systems. An email review showed that the hackers had access to emails that contain sensitive patient information. Some of the information may have included Social Security numbers, personal banking information, and full-face photographs. ClearBalance reports that this data breach affected 209,719 people.

How is ClearBalance protecting data now?

As a business associate, ClearBalance has a commitment to keep personally identifiable information (PII) secure. The loan provider has made updates to its security including:

Changing all account passwords
Implementing stronger access controls to its email cloud environment
Updating procedures for reporting suspicious activities

ClearBalance is also offering free identity protection and credit monitoring services to affected individuals. "ClearBalance takes your data security and privacy very seriously and we are committed to safeguarding the information you provide us," stated the company.

How can business associates prevent phishing attacks?

Human error is often the weakest link in your security chain. While employee training is necessary for spotting potential security threats, a healthcare organization should take the onus of security off of individuals as much as possible. Paubox Email Suite Plus enables your organization to send HIPAA compliant email while mitigating email phishing attacks. It contains features such as:

Inbound security: stops threats from reaching your inbox, including spam, viruses, and malware.

Two-factor authentication: requires two forms of authentication when logging into email accounts.

ExecProtect: patented protection from display name spoofing attacks.

DomainAge: blocks emails from recently registered domain names.

Zero Trust Email: the latest security feature from Paubox that requires an additional layer of authentication before reaching your employees' inbox.

Paubox Email Suite Plus is HITRUST CSF certified and a business associate agreement (BAA) is included in all our plans. We're dedicated to keeping your emails secure and safe from threats.

Try Paubox Email Suite for FREE and make your email HIPAA compliant today.

Start for free

View full post