Experts On 50K Exposed In Minnesota Hospital Breach

The personal and medical information of 49,351 patients was exposed following a security incident involving two employees’ email accounts as disclosed by Minnesota-based Alomere Health. The Alexandria, Minnesota-based locally-governed hospital started notifying its patients of the security breach incident on January 3, 2020.

The security breach was discovered on November 6, 2019, when the hospital staff found that an employee’s email account was accessed by at least on unauthorized third party between October 31 and November 1, 2019.

After securing the breached account and starting an investigation with the help of a forensic security outfit, Alomere Health found on November 10 that a second employee’s email was breached on November 6.

After reviewing the emails contained within the two breached accounts, the staff discovered that the attackers might have gained access to patients’ names, addresses, dates of birth, as well as medical info such as record numbers, health insurance information, treatment information, and/or diagnosis information.


EXPERTS COMMENTS
Warren Poschman, Senior Solutions Architect,  comforte AG
January 09, 2020
The best way to cure this is by prescribing the strong medicine of a data-centric security approach.
While many of us were busy toasting each other “to our health!”, some attackers may have been toasting each other “we’ve got your health records!”. In the most recent medical breach at Alomere Health, small and mid-sized regional providers continue to be a target without abatement. The fundamental issue is how these providers manage data, such as in this case where “portions of some pa ....
[Read More >>]
Javvad Malik, Security Awareness Advocate,  KnowBe4
January 09, 2020
Security awareness and training should form a vital part of all organisations security plans.
Apparently this breach was as a result of two employees emails being compromised. This was likely either through a phishing email or because the staff reused passwords that were breached elsewhere. This is why security awareness and training should form a vital part of all organisations security plans, as many attacks originate through phishing or other social engineering techniques. Multi facto ....
[Read More >>]
Saryu Nayyar, CEO,  Gurucul
January 09, 2020
The intruders look for ways to expand their access so that they can find the systems.
Medical records and other healthcare patient data are a treasure trove for criminals, and this is just another example of the severity of the problem that healthcare providers face from cyber attacks. Details are still scant, but regardless of the tactics that the attackers used to gain access to employees’ email accounts, one thing remains the same in most cyberattacks – the actions taken by ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article