Nearly 500,000 people had their personal data compromised as a result of a data breach
at Illinois-based medical practice Christie Business Holdings Company, or Christie Clinic, last year, SecurityWeek
Christie Clinic had one business email account targeted by a threat actor between July 14 and August 19, 2021. The attacker may have accessed individuals' names, addresses, Social Security numbers, and medical and health insurance information. However, the health services provider's other systems, patient portal, and electronic medical records were not impacted by the intrusion, according to Christie Clinic.
"The investigation indicated that the purpose of the unauthorized access was to intercept a business transaction between Christie Clinic and a third party vendor. This investigation was unable to determine to what extent email messages in the account were actually viewed or accessed by an unauthorized actor," Christie Clinic said in a breach notification posted on its website.
Additional network security solutions, as well as data privacy and security training have already been implemented following the incident.