BreachExchange mailing list archives
1, 000 former, current Equinox clients affected by data breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 9 Dec 2019 09:14:40 -0600
https://www.timesunion.com/news/article/Former-current-Equinox-clients-affected-by-data-14887304.php ALBANY — Equinox, the Albany-based human services agency, has learned of a data breach that may impact the protected health information of more than 1,000 current and former clients. The agency reported Friday that on July 26, staff discovered unusual activity within its "digital environment" and hired the independent cybersecurity firm CyberScout to investigate. On Aug. 28, the firm reported it had found evidence that hackers had gained access into two email accounts belonging to Equinox employees. Equinox then hired data review experts to determine if the accessed email accounts contained any protected health information. On Oct. 9, they learned that they did. Notification letters were mailed to impacted clients on Friday. Information that was potentially accessed included names, addresses, dates of birth and Social Security numbers as well as information on medical treatment or diagnoses, medication and health insurance. "Equinox, Inc. takes the security of all information very seriously," the group said in a news release. "Equinox, Inc. has no evidence indicating that any information aside from the information contained within the accessed email accounts was potentially impacted in connection with this incident. In addition, Equinox, Inc. has no evidence that any of the information potentially impacted in connection with this incident has been misused." As a precautionary measure, Equinox is offering free credit-monitoring services to impacted individuals. Christina Buff Rajotte, director of development and marketing, said it's not the agency's practice to share protected health information over email but that outside organizations, agencies and municipalities sometimes do when making referrals. The information is usually sent via email attachment, she said. "We've requested they do not do that and send it via fax," she said. Since learning of the incident, Equinox has added additional security features to its digital assets and is now considering CyberScout's recommendations that it encrypt its email system, among other things. It has also established a toll-free call center to answer questions about the incident and any other concerns. The call center can be reached at 1-800-405-6108, Monday through Friday from 8 a.m. to 5 p.m. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- 1, 000 former, current Equinox clients affected by data breach Destry Winant (Dec 09)