Endeavor Energy Resources notifies employees and dependents after employee fell prey to phishing attack
Statement from Endeavor Energy Resources (via MRT):
“Endeavor Energy Resources, L.P. (“Endeavor”), an oil and gas exploration and production company, discovered on Jan. 14 that earlier that day an unauthorized party, through a phishing scam, possibly gained access to unsecured protected health information stored in the corporate, Office 365 account of an Endeavor employee. After a detailed review of the account was completed, Endeavor was able to determine on Feb. 7 that the protected health information within the account included names and health plan member ID number of current and former employees of Endeavor and Endeavor affiliate companies as well as dependents who participate in the Company’s health plan. Endeavor has sent notice letters to all potentially impacted individuals in compliance with HIPAA’s Breach Notification Rule. As of this writing, Endeavor has received no indication that any protected health information has been misused.
“Endeavor appreciates the importance of protecting the privacy and security of protected health information. Endeavor is taking steps to prevent this type of incident from occurring again, including implementations of enhanced safeguards for protected health information and an evaluation of security additional security procedures.
“Individuals who believe they may be affected, or who need additional information should contact Endeavor’s incident response call center at 833-554-0464, for further information and assistance. Additionally, media and general inquiries can be directed to Lacy Sperry.”
The incident was reported to HHS as impacting 5,103 current and former employees and dependents.