Dominion Resources personnel who arranged wellness screenings became hacking victims

An attacker penetrated a benefits system containing personal information on the energy company’s employees, spouses and partners who went online to schedule a health-screening appointment as far back as 2012.

The incident involving wellness plan provider StayWell Health Management took place in March and victims were notified July 11.

The hacker got into StayWell’s system through a third-party network – owned by subcontractor Onsite Health Diagnostics.

StayWell provides Dominion Resources with the “Well on Your Way” program, which includes a health screening. Onsite Health Diagnostics provides a sign-up mechanism for the health-screening appointments.

Individuals’ names, addresses, email addresses, phone numbers, gender and dates of birth were taken.

The hacker also accessed password information for Onsite Health Diagnostic’s system. The passwords were encrypted.

The breach happened March 25 but wasn’t detected immediately. After discovering the hack, Onsite Health Diagnostics notified StayWell on June 16. Dominion learned of the breach on June 24. Dominion learned the identities of the victims on July 7.

Dominion Resources is investigating why it took so long for the company to be alerted.