DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

WI: EVERSANA reports breach of protected health information that occurred in 2019

Posted on April 8, 2020 by Dissent

EVERSANA, a global commercial services provider to healthcare entities, has disclosed a data breach that occurred between between April 1 and July 3, 2019.  The breach reportedly affected patient data stored in a legacy technology environment, which has since been updated.

According to their notification, “Upon notification of unusual email activity, the firm immediately conducted a comprehensive review and confirmed that certain EVERSANA accounts were subject to unauthorized access through a legacy technology environment, which has since been updated, between April 1 and July 3, 2019.”

But when were they first notified of unusual email activity? And how were they notified? Was this discovered internally or did some external party contact them? And how many patients were impacted?

Eversana reports that they completed their investigation on or around February 7, 2020 and determined the types of information that were potentially accessible:

The types of information potentially accessible may include name, address, social security information, driver’s license/state identification number, passport number, tax identification number, financial account information, debit/credit card information, username and password, health information, treatment information, diagnosis, provider name, MRN/patient ID number, Medicare/Medicaid number, health insurance information, treatment cost information, and/or prescription information.

EVERSANA claims that they currently have no evidence that personal information was subject to actual or attempted misuse.

DataBreaches.net sent an inquiry as to when they first discovered unusual activity and how many patients are being notified, but no reply was received by publication time.  One of the queries concerned whether they are considered a business associate under HIPAA and whether they are reporting this incident to HHS/OCR.

This post will be updated if more information is received.

 

Related Posts:

  • The Guidance Center notifies 1,235 patients after…
  • PA: Juniata College Provides Notice of Data Incident
  • Presbyterian Health business associates disclose breach
  • Health Quest phishing incident in 2018 results in…
  • CO: Sunrise Community Health Notifies Patients of…

Post navigation

← Vianet’s customer data compromised with latest leaks
Maropost takes your privacy and security…. →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • AlphV claims they have started contacting some of Tipalti’s clients (1)
  • Research: Privacy as Pretense: Empirically Mapping the Gap Between Legislative & Judicial Protections of Privacy
  • What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US.
  • On September 2nd, the U.S. branch of Great Star Industrial Co. disbursed a ransom of 1 million dollars to a ransomware group
  • Former Public School Information Technology Manager Charged with Damaging School’s Computer Network
  • Sellafield nuclear site hacked by groups linked to Russia and China
  • Hackers steal IDF patient records from cyberattack on Israeli hospital (corrected)
  • AlphV claims an attack before even alerting the victim. How will that work out for them? (1)

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net