Recently, a data leak was reported at Alomere Health Hospital in Minnesota, the United States, which exposed the personal and medical information of 49,351 patients. It is understood that the incident occurred because the email accounts of two employees of the hospital were compromised.
Alomere Health is a general medical and surgical hospital located in Alexandria, Minnesota, USA. It has been accredited by the Medical Institution Accreditation Program (HFAP), has a Class III trauma center, and has been named one of the Top 100 Hospitals by Thomson Reuters.
It is understood that the incident was discovered on November 6, 2019, and IT staff inside the hospital found that during the period from October 31 to November 1, 2019, an unauthorized third party accessed the email of the hospital staff account. But Alomere Health Hospital did not begin to notify affected patients until January 3, 2020.
The hospital explained that because it was impossible to determine in a timely manner whether any patient information was included in the compromised email, the hospital checked the email and attachments in the account to determine the impact of the incident range. After review, it was finally determined that some of the patient information was included in the email account and could be affected before the notification was started.
It is reported that the exposure data mainly include the patient’s name, address, date of birth, medical record number, health insurance information, and diagnosis and treatment details. The attackers also accessed social security numbers and driver’s license numbers for some patients.
After the incident, the hospital launched an investigation with the help of an external forensic company. Represents that free credit monitoring and identity protection services will be provided to affected patients. He also said that other safety measures will be taken to prevent future accidents, including training of internal staff.