Cyber Incident Victim: Work Health Solutions
Date:
Feb 2022
Location:
United States of America
Summary
Work Health Solutions experienced a data breach when an unauthorized party accessed an employee's email account, compromising sensitive personal information including names, Social Security numbers, driver's license details, health insurance data, and medical records. The incident, attributed to third-party access, prompted an internal investigation with external cybersecurity experts, leading to notifications being sent to affected individuals after the compromised files were reviewed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 9, 2022, Work Health Solutions reported a data breach to the California Attorney General’s office after discovering unauthorized access to a single employee’s email account. The company determined that the unauthorized party first gained access to the account on February 16, 2022, with the period of compromise lasting until March 24, 2022. Work Health Solutions initiated an internal investigation assisted by third-party data security experts upon discovering the incident, though the specific detection method leading to this discovery was not disclosed. The investigation confirmed that sensitive consumer information within the email account was accessible to the unauthorized actor during this 36-day window. Compromised data included full names, Social Security numbers, driver’s license numbers, health insurance information, and medical information. The breach notification filing indicated that affected individuals may have had multiple categories of personal and health-related data exposed. Work Health Solutions did not specify the total number of impacted individuals but confirmed the breach involved information belonging to "certain individuals" whose data resided in files accessible through the compromised email account.
Following its investigation, Work Health Solutions conducted a review of the affected files between March 24 and November 9, 2022, to identify both the scope of compromised information and the specific consumers involved. The company completed this process and mailed individualized data breach notification letters to all affected parties on November 9, 2022. These letters detailed the nature of the exposed information and provided guidance on protective measures against identity theft and fraud. As a provider of occupational health programs, medical surveillance testing, and wellness services to corporate clients, Work Health Solutions’ breach potentially impacted individuals who underwent employer-mandated medical evaluations or utilized its onsite clinics. The San Jose-based company, which employs over 100 staff and generates annual revenues between $5 million and $25 million, did not disclose whether the breach affected clients from specific employer partnerships or the geographic distribution of impacted individuals beyond its California regulatory filing. No additional technical details regarding the attack vector, threat actor identity, or system security measures were provided in the available notifications.