HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Patelco Credit Union experiences data breach affecting over a million

Written by Kirsten Peremore | Oct 4, 2024 2:41:08 PM

In June 2024 Patelco Credit Union fell victim to a ransomware attack that compromised the personal information of over one million current and former members and employees. 

 

What happened

June 2024 Patelco Credit Union experienced a serious ransomware attack that began on May 23, when unauthorized parties gained access to its network. The attack was detected on June 29 and confirmed through investigation on August 14, causing a temporary shutdown of day-to-day banking systems. 

This includes online services and the call center. A subsequent investigation revealed that the personal information of over 1 million current and former members and employees may have been compromised

 

What was said 

According to the notice of security incident released by Patelco, “Upon learning of this issue, we contained the threat by proactively disabling all unauthorized access to our network, restoring all data, and immediately commencing a prompt and thorough investigation. We also notified law enforcement.”

 

Why it matters 

Patelco amongst its product offerings provides a Health Savings Account (HSA) qualified as a health insurance plan. Although not specified if HSA data was compromised, the potential unauthorized access leaves the potential for health related information to be exposed further exasperating the consequences for Patelco to include a HIPAA violation. 

Related: HIPAA Compliant Email: The Definitive Guide

 

FAQs

What is a ransomware attack? 

A ransomware attack is when hackers lock or steal data from a system and demand payment to release or return it.

 

What is a covered entity? 

An organization like a healthcare provider or insurance company, has to follow HIPAA’s rules. 

 

What is a breach?

An event where sensitive or protected data is accessed, disclosed, or stolen without permission.