Many readers may never have heard of CSI Financial Services, LLC but as ClearBalance, the California firm services loans made by hospitals and providers to patients who need to finance medical expenses.
A recent filing with the Maine Attorney General’s Office reveals that beginning on March 8, there was unauthorized access to some employee email accounts. The access was not detected until April 26, when ClearBalance detected and thwarted an attempted wire transfer of funds. Subsequent investigation revealed that the email accounts compromised also contained personal information related to certain loan accounts.
While the type of information varied by individual, the types of information in the compromised email accounts included patients’ name, tax ID, social security number, date of birth, other government-issued ID, telephone number, healthcare account number and balance, date of service, ClearBalance loan number and balance, personal banking information (such as the financial institution name, account number and routing number, but not PIN or access code), clinical information, health insurance information, and full-face photographic image.
Although ClearBalance reports that they have no evidence of misuse of that personal information, they recently started notifying 209,719 individuals. Those being notified are being offered mitigation services including 24 months of credit and CyberScan monitoring, a $1 million insurance reimbursement policy, and identity theft recovery services. The dark web is also being monitored for any signs of any of the data showing up.