[BreachExchange] 1, 000 former, current Equinox clients affected by data breach

Destry Winant destry at riskbasedsecurity.com
Mon Dec 9 10:14:40 EST 2019


ALBANY — Equinox, the Albany-based human services agency, has learned
of a data breach that may impact the protected health information of
more than 1,000 current and former clients.

The agency reported Friday that on July 26, staff discovered unusual
activity within its "digital environment" and hired the independent
cybersecurity firm CyberScout to investigate. On Aug. 28, the firm
reported it had found evidence that hackers had gained access into two
email accounts belonging to Equinox employees.

Equinox then hired data review experts to determine if the accessed
email accounts contained any protected health information. On Oct. 9,
they learned that they did. Notification letters were mailed to
impacted clients on Friday.

Information that was potentially accessed included names, addresses,
dates of birth and Social Security numbers as well as information on
medical treatment or diagnoses, medication and health insurance.

"Equinox, Inc. takes the security of all information very seriously,"
the group said in a news release. "Equinox, Inc. has no evidence
indicating that any information aside from the information contained
within the accessed email accounts was potentially impacted in
connection with this incident. In addition, Equinox, Inc. has no
evidence that any of the information potentially impacted in
connection with this incident has been misused."

As a precautionary measure, Equinox is offering free credit-monitoring
services to impacted individuals.

Christina Buff Rajotte, director of development and marketing, said
it's not the agency's practice to share protected health information
over email but that outside organizations, agencies and municipalities
sometimes do when making referrals. The information is usually sent
via email attachment, she said.

"We've requested they do not do that and send it via fax," she said.

Since learning of the incident, Equinox has added additional security
features to its digital assets and is now considering CyberScout's
recommendations that it encrypt its email system, among other things.

It has also established a toll-free call center to answer questions
about the incident and any other concerns. The call center can be
reached at 1-800-405-6108, Monday through Friday from 8 a.m. to 5 p.m.

More information about the BreachExchange mailing list