Minnesota-based Alomere Health has revealed that the personal and medical information of 49,351 patients was exposed due to a security incident that involves two employees’ email accounts.
Alomere Health is a community-owned and non-profit general medical and surgical hospital with 127 beds and was named as one of the Top 100 Hospitals by Thompson Reuters twice.
The Alexandria, Minnesota-based locally-governed hospital started notifying its patients of the security breach incident on January 3, 2020.
The security breach was discovered on November 6, 2019, when the hospital staff found that an employee’s email account was accessed by an unauthorized third party between October 31 and November 1, 2019.
Alomere Health secured the breached account and started an investigation with the help of a forensic security firm and they found on November 10 that a second employee’s email was breached on November 6.
According to the hospital breach notification, the investigation was unable to determine whether the unauthorized person(s) actually viewed any email or attachment in either account.
The hospital reviewed the emails and attachments in the accounts to identify patients whose information may have been accessible to the unauthorized persons and it was found that portions of some patients’ information were contained in the email accounts.
After reviewing the emails contained within the two breached accounts, the staff found that the attackers might have attained access to patients’ names, addresses, dates of birth, as well as medical info such as record numbers, health insurance information, treatment information and diagnosis information.
Besides, the Social Security numbers and driver’s license numbers of a limited number of patients might have also been exposed.
Alomere Health provides complimentary credit monitoring and identity protection services for patients whose SSNs and driver license info were stored in the breached email accounts.
The hospital advises those customers who received an email notification regarding this security incident to review any statements they receive from their health insurers or healthcare providers and contact them immediately if they discover anything out of place.
The hospital assures that in order to reduce the occurrence of such breaches in future, they have introduced additional security measures for all of Alomere Health employee email accounts. They stated that with these additional layers of security, staff training and diligence they will continue to provide high-quality health care, close to home with safety and security.
Alomere Health is one among the long list of healthcare providers impacted by breaches during the last month. The protected health information (PHI) of tens of thousands of patients was exposed in these recent data breach reports filed with the U.S. Department of Health and Human Services Office for Civil Rights within the last month.