Lyons Companies issued a breach notification press release on August 23. Let’s skip the PR and cut to the chase, shall we?
What Happened? On March 12, 2019, Lyons learned of unusual activity in an employee email account.
It turned out two employee email accounts were accessed without authorization. One email account was subject to unauthorized access between February 4 and March 12, 2019, and the second account was accessed for a few hours on March 12, 2019.
The investigation was unable to confirm whether and what information, if any, was potentially accessed.
So when in doubt, investigate, document and then notify anyone and everyone potentially affected, right?
What Information Was Involved? … While the data present in the affected emails varies by individual, it may include: name, contact information, driver’s license information, bank account or other financial information, date of birth, medical record number, patient identification number, medical and/or clinical information including diagnosis and treatment information, Medicare or Medicaid identification number, and health insurance and claims information. For a small percentage of individuals, the data may also include Social Security number.
I bet you weren’t expecting all that, right? But this is why Protenus’s breach analyses are not confined to what shows up on HHS’s public breach tool.
You can read their full notification here.