Steve Ragan reports:
In a breach notification letter sent to employees this week, Sony Pictures outlines the full scope of data that was compromised by attackers shortly before the Thanksgiving holiday.
[…]
“In addition, unauthorized individuals may have obtained (ix) HIPAA protected health information, such as name, Social Security Number, claims, appeals information you submitted to SPE (including diagnosis and disability code), date of birth, home address, and member ID number to the extent that you and/or your dependents participated in SPE health plans, and (x) health/medical information that you provided to us outside of SPE health plans.”