Cyber Attack Could Compromise PHI of Sony Employees
The protected health information (PHI) of studio employees is reportedly part of the cyber attack at Sony Pictures. Sony employees were informed of this possibility by a letter from management on December 8. Authorities have yet to definitively determine the identity of the attackers, though some cyber security experts believe the attack was perpetrated by North Korean hackers.
The letter noted that in addition to the theft of personal financial data, passport numbers, and credit card information, stolen information also may have included—according to the letter—”HIPAA-protected health information, such as name, social security numbers, claims appeals and information you submitted to SPE [Sony Pictures Entertainment] (including diagnosis and disability code), date of birth, home address, and member ID number to the extent that you and/or your dependents participated in SPE health plans, and medical information you provided to us outside of SPE health plans.”
Sony has provided employees with one year of identity protection services, which is standard for individuals whose information is caught up in privacy breaches. Some Sony employees, however, have purchased their own identity protection services for extra assurance, according to an interview with an anonymous Sony employee published in Fortune.