Alomere Health said that it’s begun notifying patients of a security incident that involved the compromise of two employees’ email accounts.

According to a statement posted to its website, Alomere Health began notifying its patients on January 3, 2020 of an email security incident that might have exposed some of their information.

The general medical and surgical hospital located in Alexandria, Minnesota first learned of the incident on November 6, 2019. At that time, Alomere officials discovered that an unauthorized individual had gained access to a hospital employee’s email account in late-October/early-November.

In response to the incident, Alomere Health launched an investigation with the help of a computer forensic firm to determine what happened. This effort revealed that attackers had compromised the email account of another employee on November 6, 2019. It also uncovered that malicious actors might have accessed some patients’ information including their names, dates of birth, medical record numbers and health insurance information contained within emails stored on those accounts.

Per the statement, hospital officials believe that the incident possibly affected the Social Security Numbers and driver’s license numbers for a small number of patients.

After securing the affected employees’ email accounts, Alomere Health began notifying patients of the incident. It said it would be offering complimentary credit monitoring and identity protection services to them. It also clarified that it was taking steps to prevent similar incidents from occurring in the future.

As quoted in its statement:

We regret this unauthorized action occurred and that it may cause inconvenience for our patients. To lessen the likelihood this occurs in the future, we have put in place additional security measures for all of Alomere Health employee email accounts. It is through these additional layers of security, staff training, and diligence that we will continue to provide high-quality health (Read more...)