Alomere Health, a Minnesota-based hospital operator, has begun notifying patients of a data breach that impacts more than 49,351 patients.
On October 31, 2019, a malicious attacker gained unauthorized access to an employee email account, then hijacked a second account days later on November 6. The details were recently published on the health providers' website.
Data compromised in this incident includes names, addresses, birth dates, medical record numbers, health insurance provider information, as well as diagnosis and treatment details. A small subset of patients also had their Social Security numbers and driver's license numbers compromised. For those patients, credit monitoring and identity protection services will be provided, free of charge.
The health care provider is unclear if the malicious actor actually viewed the personally identifiable information, but out of caution, it has mailed letter to those whose information was left vulnerable.
Following this attack, Alomere claims to have implemented additional security measures for all employee email accounts.
Healthcare providers continue to be an attractive target for cybercriminals due to the high demand for personal records on the black market. With data breach costs at $407 per record, the healthcare industry must step up its defenses and implement the appropriate security controls or continue to fall victim to attacks.
Our solutions combine the essential, foundational security controls as prescribed by all leading security frameworks such as HIPAA/HITECH and CIS with the operational discipline of change management. Our suite of security products addresses a number of threat defenses identified in HIPAA, including Device Hardening, Vulnerability Management, and Host-Based Intrusion Detection.
Learn more about HIPAA-HITECH compliance by reading out latest whitepaper