Biomarin Pharmaceutical and Envision Healthcare Corporation Report Email-Related Breaches

Biomarin Pharmaceutical and Envision Healthcare Corporation have both recently announced that they have experienced security breaches involving compromised email accounts. Biomarin Pharmaceutical, based in Novato, CA, discovered two email accounts were compromised during a phishing attack in which the attacker obtained a temporary employee’s login information.

Biomarin Pharmaceutical discovered the attack on June 21, 2018 and took action immediately to stop the hacker from using the account and viewing messages. The investigation into the breach confirmed that the unauthorized person had accessed the email accounts, but it was not possible to tell if saved messages had been opened or copied.

All messages in the compromised accounts were checked to determine what information could have been accessed. Biomarin Pharmaceutical explained in a breach notice that one or both email accounts may have contained a document that included names, medical insurance details and Social Security numbers at the time the breach.

Because of the nature of data potentially compromised in the attack, Biomarin recommends affected individuals should place a fraud alert on their accounts to protect them against identity theft and fraud. They were also advised to monitor explanation of benefits statements from their insurance providers for any listed medical services that they have not received.

Biomarin Pharmaceutical has taken action to secure its email system and further measures have been implemented to prevent any further email account breaches.

Envision Healthcare Corporation, located in Portland, OR, also reported that some employee email accounts have been compromised. Current and past service providers, affiliates, and employment applicants have now been sent notification letters alerting them to the potential data breach.

A third party accessed the email accounts in July 2018 and potentially viewed or copied information such as names, dates of birth, driver’s license numbers, Social Security numbers and financial data. At this point, no evidence has been found to suggest any PHI was stolen or misused. As a preventative measure against identity theft and fraud, Envision offered affected individuals free identity theft and credit monitoring services with the Experian Identity Works’ Credit 3B service.

Envision Healthcare Corporation has already taken steps to secure its systems and has implemented multi-factor authentication.