Email-Related Breaches Encountered by Biomarin Pharmaceutical and Envision Healthcare Corporation

Two healthcare companies experienced email-related breaches recently. The first company, Biomarin Pharmaceutical located in Novato, CA, found out that two email accounts of its employees became compromised because of a phishing attack allowing the attacker to access an interim employee’s account.

Biomarin Pharmaceutical became aware of the phishing attack on June 21, 2018 and immediately blocked access to the accounts by the hacker. Investigators of the breach confirmed that an unauthorized individual accessed the email accounts, although it was not certain if he/she opened or cloned any email messages.

After reviewing the breached accounts, one or the two email accounts contained a document having names, Social Security numbers and health insurance information that were potentially exposed during the breach.

Due to the type of compromised information, Biomarin Pharmaceutical advised the affected people to submit a fraud alert to their credit account firms as a safety measure against identity theft and fraud. Likewise, they should keep an eye on the explanation of benefits statements issued by their insurance companies so they would know if there are medical services recorded that were not received.

Biomarin Pharmaceutical by now secured its network system and took the necessary steps to prevent future email account breaches.

The second company that had certain email accounts compromised is Envision Healthcare Corporation, which is based in Portland, OR. The company sent breach notifications to inform current and past service vendors, affiliates, and job applicants that their personal information were potentially viewed by an unauthorized person.

The email accounts were accessed in July 2018 exposing names, birth dates, Social Security numbers, driver’s license numbers and financial information. So far, there is no confirmation that indicate any information were stolen or misused. As a safety measure against identity theft and rip-offs, Envision provided free identity theft and credit monitoring services to the affected individuals using the Experian IdentityWorks’ Credit 3B service.

Envision Healthcare Corporation’s network systems had been secured with the additional implementation of multi-factor authentication.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at