Sony Pictures admits HIPAA data might have been compromised during breach

Steve Ragan reports:

In a breach notification letter sent to employees this week, Sony Pictures outlines the full scope of data that was compromised by attackers shortly before the Thanksgiving holiday.

[…]

“In addition, unauthorized individuals may have obtained (ix) HIPAA protected health information, such as name, Social Security Number, claims, appeals information you submitted to SPE (including diagnosis and disability code), date of birth, home address, and member ID number to the extent that you and/or your dependents participated in SPE health plans, and (x) health/medical information that you provided to us outside of SPE health plans.”

So HIPAA protections were supposed to be in place for some data, and this breach should be reported to HHS.

Read more on CSO. Sony’s notification to SPE employees is available on the web site of the California Attorney General’s Office (pdf).

CISA Alert: Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094
System Status Note
Fraudster's fake data breach claims should remind media to be careful what we report
"Pompompurin" taken into custody after violating conditions of pre-sentencing release on bond (1)
Happy New Year 2024
Multiple Ohio schools receive threats, believed to be Russian hackers, saying bombs are in schools

Related: