HBP Financial Services Group notice of breach impacting Pathology Consultants of New London, PC

NOTICE OF DATA BREACH HBP Financial Services Group, LTD (HBP), which serves as the practice administrator for Pathology Consultants of New London, PC (PCNL), was the victim of an IT incident that resulted in the unauthorized access to two HBP email accounts. HBP notified PNCL on July 21, 2021. While the incident was limited to two email accounts, we discovered that personal information may have been accessible. This Notice is intended to provide notice to individuals for whom PCNL did not have an adequate address. On May 20, 2021, HBP discovered that the hacker used both email accounts to attempt to commit financial fraud against HBP. HBP immediately engaged an IT forensics firm to determine the source of the problem, assess their systems and help secure the environment. Within 24 hours, the IT professionals secured the email system, and put additional protection measures in place. An investigation confirmed that only two email accounts were involved and that no other HBP systems were compromised. A phishing attack most likely caused the email compromise. The investigation revealed that the first sign of unauthorized access occurred between April 30, 2021 and May 20, 2021. The investigation also revealed that the hackers sole focus was to commit financial fraud against HBP. The hacker did not appear to be interested in personal information and did not take any traceable action that shows that the hacker forwarded or acquired any personal information in the email accounts. HBP reported the incident to the FBI. Although there is no evidence that data was taken, HBP performed an in-depth review of the two email accounts to determine whether there was any personal information that the hacker could have accessed. In doing so, HBP located emails and attachments that contained personal information. The personal information about those for whom PCNL did not have an adequate address that was available for the hacker to access was name, address, date of birth, account number, insurance information, and limited clinical information. We confirmed that as soon as HBP learned of the incident, it immediately implemented measures to stop the unauthorized access and to ensure such access does not happen again. We continue to work with HBP to ensure the security of information. Since all evidence indicates that the hacker was not interested in personal information and because Social Security Number information was not involved for the intended recipients of this Notice, we do not believe that any further steps are necessary for protection other than regularly reviewing explanation of benefits statement received for accuracy. HBP has set up an Assistance Line to answer questions about this incident. To reach the HBP Assistance Line, call (888) 994-0267 and use the reference number B017858.