Getty Images/iStockphoto

ClearBalance Data Incident Impacts Over 200,000 US Patients' PII  

A new cyber attack is impacting over 200,000 ClearBalance customers.

ClearBalance, a California-based company, is notifying over 200,000 customers that their personally identifiable information (PII) may have been stolen during a recent email hacking event.  

ClearBalance, a “leading provider of consumer-friendly patient financing programs to U.S. hospitals and health care systems,” according to its website, serves over 4 million patient accounts nationwide. 

A total of 209,719 people are impacted by the cyber attack, according to the Maine Attorney General’s Office.  

“On April 26, 2021, ClearBalance detected and prevented an attempted unauthorized wire transfer of ClearBalance funds,” the company stated. “We immediately engaged a forensic investigator to aid in an investigation and contacted the FBI. Through our investigation, we determined that there was unauthorized access to certain ClearBalance email accounts between March 8, 2021 and April 26, 2021. 

“On June 21, 2021, our investigation also determined that there was unauthorized access to emails that contained certain individuals’ personal information,” the company stated. “This incident did not impact our corporate networks or software, and did not involve the systems, databases, or medical records systems of any hospital, healthcare provider, or bank. Again, at this time, we have no evidence of any fraud or misuse of your information.” 

ClearBalance said the personal information impacted may have included: names, tax IDs, Social Security numbers, dates of birth, government-issued IDs, phone numbers, healthcare account numbers, balances, dates of service, ClearBalance loan numbers, personal banking information, clinicial information, health insurance information and full-face photographs.  

“Our review of the data was extensive, and all potentially impacted individuals were notified by written letters that were sent via US Mail on July 9, 2021,” ClearBalance stated.  

“ClearBalance takes your data security and privacy very seriously and we are committed to safeguarding the information you provide us...We deeply regret that this incident occurred and apologize for any concern it may cause.” 

The company is changing user account passwords, “implementing stronger access controls in the cloud email environment and providing updated procedures for reporting suspicious activity. Of course, we will remain vigilant and continue to augment our security as new threats emerge and evolve.” 

Customers impacted should monitor their accounts and be on alert for any suspicious activity. 

Information on free identity protection and monitoring services can be found at: https://response.idx.us/clearbalance 

Any ClearBalance customers with questions or concerns can call 1-833-406-2409, Monday-Friday, 9 am-9 pm EST.

Next Steps

Dig Deeper on Cybersecurity strategies