Cybernews reports that U.S. health IT firm Datavant had information from more than 11,000 individuals, including from those under 18, exfiltrated following a phishing-related data breach in early May.
Infiltration of a single user's email in a phishing attack between May 8 and May 9 allowed threat actors to compromise individuals' names, addresses, Social Security numbers, contact information, financial account details, health information, passports, and driver's licenses, said the medical record processing service provider in a filing with the Office of the Maine Attorney General that downplayed the impact of the breach on its systems and data storage facilities. However, with the exposure of such information increasing the risk of targeted phishing and medical identity theft intrusions, Datavant has given affected individuals two years of complimentary identity monitoring and identity theft restoration services while emphasizing efforts to bolster phishing awareness among its employees, as well as its technical security protections.