Alomere Health, a Minnesota based healthcare provider, suffered a data breach affecting nearly 50,000 patients. This situation was caused by two employee email accounts being compromised between October 31st, 2019 and November 6th, 2019, the same day the breach was detected. Investigative efforts began almost immediately, and it was discovered that the email accounts that were breached contained patients’ data including their names, addresses, dates of birth, as well as medical info such as record numbers, health insurance information, treatment information, and/or diagnosis information. A limited number of patients also had their Social Security numbers (SSNs) and driver’s license numbers exposed. Alomere began notifying affected parties on January 3rd, 2020 and has agreed to compensate any patients whose SSNs and driver’s license numbers were compromised by providing complimentary credit monitoring and identity protection services.
Since some customers and patients may have had their SSN compromised, users should be vigilant and let the correct institutions know that there may be an increased amount of fraud attempts attached to them. Users should also take advantage of the free credit monitoring service being offered by Alomere. Implementing a defense in depth strategy is imperative in defending a company and their customer’s data, using tools such as endpoint detection and response sensors can alert on attacker behaviors post-compromise. Attacks that are stopped in the early stages have much less chance of causing significant damage. Security training should also be in place at organizations to train and teach employees how to spot phishing emails to reduce the chance of them being effective. More information on the breach can be found here: https://cyware.com/news/minnesota-hospital-breach-impacts-personal-and-medical-data-of-50000-patients-9eaec0ec