Guardant Health Inc. — which is planning to raise up to $100 million in an IPO — said it was hit by a cybersecurity attack in July.
The Redwood City, Calif.-based company said an unauthorized user obtained access to one of its employees' email account through a phishing attack. Phishing is a method used to steal sensitive information by disguising as a trustworthy entity online.
The attack resulted in unauthorized access of information, including protected health information, of about 1,100 individuals over a five-day period, Guardant Health said in an SEC filing. The information included patients' names, contact information, birth dates and medical diagnosis codes.
The information also contained Social Security numbers in a "very limited number of cases."
In response, Guardant plans to notify the U.S. Department of Health and Human Services, regulators and affected individuals regarding the incident.
The company is also expecting additional penalties as well as internal and external costs related to the attack. "We continue to analyze the information that was accessed and intend to take additional steps to prevent future unauthorized access to our systems and the data we maintain, but we cannot guarantee that additional incidents will be avoided," the company said in the filing.
Guardant offers a liquid biopsy assay — marketed as Guardant360 — which uses blood samples to evaluate DNA shed from cancers, instead of an invasive tissue biopsy. The company is planning to list its stock on the Nasdaq Global Select Market.