Back to Data breach

Data breach

Sharecare Health Data Services fall victim to data breach: Affected centers include AltaMed and Blue Shield


In March 2019, Sharecare Health Data Services (SHDS) revealed that a data breach compromised the information of the patients of AltaMed Health Services Corporation and Blue Shield of California. The compromised data included patient names, addresses, dates of birth, unique identification numbers, and medical record numbers. No Social Security numbers, clinical medical information, or credit card data was compromised.

On December 31, 2018, SHDS informed AltaMed and Blue Shield that it initially detected suspicious activity in its network on June 22, 2018, and further investigations revealed that an unauthorized third-party gained access to its network as early as May 21, 2018. Around 18,000 Blue Shield and nearly 5,800 AltaMed members' records were affected in this breach. As soon as it was discovered, SHDS hired a forensics team to prevent further unauthorized access and took measures to implement strong security policies.

Both Blue Shield and AltaMed have notified their affected members regarding the breach. Besides that, Blue Shield has also reported the breach to the Centers for Medicare and Medicaid Services, the Department of Health and Human Services Office for Civil Rights, and the California Attorney General’s office. SHDS is offering a year's worth of free credit monitoring services to all the affected members.

Cyber criminals are out there. What are you planning to do about it? Download ManageEngine Log360, the tool that can help combat internal and external security attacks.

Here's how ManageEngine can help.

Log360, our comprehensive security information and event management (SIEM) solution, can help your organization:

  • Identify cross-site scripting (XSS) attacks, malicious file installations, DoS attacks, SQL injection, and more with its real-time correlation capability.
  • Alert security teams in real time about events that require immediate attention, such as account lockouts, security group membership changes, unauthorized attempts to access files or folders, and network attacks.
  • Detect unauthorized network access attempts with its built-in Structured Threat Information eXpression (STIX/TAXII) feeds processor. Log360 also has a global IP threat database that can instantly detect known malicious traffic passing through the network as well as outbound connections to malicious domains and callback servers. Updated daily, the global threat database contains more than 600 million blacklisted IP addresses that are collected from trusted open sources.
  • Find potential insider threats with the user and entity behavior analytics engine, which creates a baseline of normal activities that are specific to each user and notifies security personnel instantly when there's a deviation from this norm. Rather than using static threshold values, this tool employs a combination of data analytics and machine learning to define dynamic thresholds based on real-world user behavior.
  • Obtain important forensic information about incidents. The collected logs can be securely archived to help prove adherence to compliance standards and reduce potential legal penalties during investigations.
  • Automatically raise incidents as tickets to the designated administrator in ServiceDesk Plus, JIRA, Zendesk, Kayako, or ServiceNow to create an incident resolution process that's swift and accountable.

Download a free trial of Log360 to see the tool in action for yourself.


Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

2022 Zoho Corporation Pvt. Ltd. All rights reserved.