The personal and medical information of 49,351 patients was exposed following a security incident involving two employees’ email accounts as disclosed by Minnesota-based Alomere Health. The Alexandria, Minnesota-based locally-governed hospital started notifying its patients of the security breach incident on January 3, 2020.
The security breach was discovered on November 6, 2019, when the hospital staff found that an employee’s email account was accessed by at least on unauthorized third party between October 31 and November 1, 2019.
After securing the breached account and starting an investigation with the help of a forensic security outfit, Alomere Health found on November 10 that a second employee’s email was breached on November 6.
After reviewing the emails contained within the two breached accounts, the staff discovered that the attackers might have gained access to patients’ names, addresses, dates of birth, as well as medical info such as record numbers, health insurance information, treatment information, and/or diagnosis information.