Alomere Health, a Minnesota-based hospital operator, is the latest victim of a data breach that affected 49,351 individuals, scmagazine reported.
In an official report, the health care provider revealed that an unknown intruder gained access to two employee email accounts multiple times between October 31, 2019, and November 1, 2019, and also on November 6, 2019.
The compromised data includes names, dates of birth, addresses, medical record numbers, health insurance information, and diagnosis information. Alomere Health stated that a few numbers of patients had their social security numbers and driver’s license numbers exposed in the incident. It’s unclear if attackers actually misused any of the compromised data.
“The investigation was unable to determine whether the unauthorized person actually viewed any email or attachment in either account. In an abundance of caution, we reviewed the emails and attachments in the accounts to identify patients whose information may have been accessible to the unauthorized person,” Alomere Health said in a statement.
The company notified the patients whose information was left vulnerable and offered them free credit monitoring and identity protection services.
“Even though we have no confirmation that patient information was actually viewed by the unauthorized person, or that it has been misused, we mailed letters to patients whose information was found in the accounts,” the statement added.
Cybersecurity experts said hackers are increasingly targeting the Health care industry to steal sensitive medical information and sell it on the black market. A survey from cybersecurity company Carbon Black revealed the rate of cyber-attacks on the healthcare industry appears to be increasing exponentially.
In its survey report, Healthcare Cyber Heists in 2019, Carbon Black disclosed what is happening to Personal Health Information (PHI) that was stolen by cybercriminals. The survey, which involved 20 of the Health care industry’s Chief Information Security Officers (CISOs), found the Health care sector being targeted because of how lucrative PHI is when compared to other personal data like credit card numbers. It’s said that PHI is worth three times more than other personal information since the health information never changes and can be used by cybercriminal groups for extortion or compromise.