ClearBalance Phishing Attack Could Have Impacted More Than 200,000 Patients

ClearBalance, a San Diego-based loan provider that helps patients pay for their medical bills by offering payment plans, has reported that it suffered a phishing attack on March 8, 2021.

A number of ClearBalance staff members were fooled into disclosing their login details, which allowed their email accounts to be accessed. ClearBalance discovered the attack on April 26, 2021, when an attempted fraudulent money transfer was detected. Measures were quickly put in place to investigate the security breach and eject the phishers from its email environment. The attempted wire transfer was denied and no funds were transferred to the cybercriminals’ account.

An external forensic investigation firm was contracted to investigate the phishing attack and determine the nature and scope of the breach. The firm was able to ascertain that the breach was limited to the email environment and no other systems were impacted. They also confirmed that the attackers had been ejected from the email environment the day the breach was discovered.

The databases that store medical information supplied by healthcare providers were not breached; however, a range of sensitive data was present in emails and attachments which could have been obtained by the attackers. A review of the accounts determined they contained names, tax IDs, Social Security numbers, dates of birth, government-issued ID numbers, telephone numbers, healthcare account numbers, balance amounts, dates of service, ClearBalance loan numbers and balances, personal banking information, clinical information, health insurance information, and full-face photographic images. ClearBalance said most of the individuals did not have any specific PHI affected.

ClearBalance has now strengthened its security measures, changed all passwords, and enhanced access controls for the network. The processes for reporting suspicious activity have also been amended to make them more effective.

It appears that the hackers' main aim was to trick employees into making fraudulent wire transfers, as opposed to stealing private health information. As a precautionary step, ClearBalance has provided all those impacted in the breach with the opportunity to avail of free identity theft protection services for two years, along with access to credit monitoring services and insurance cover for identity theft.

The breach report submitted to the HHS’ Office for Civil Rights indicates 209,719 patients were potentially affected. 


Author: Maria Perez