Minnesota-based hospital operator Alomere Health this month began notifying patients of a data breach affecting 49,351 individuals, after a malicious actor gained access to two employee email accounts in late October and early November.
The first incident took place between Oct. 31 and Nov. 1, 2019, while the second account hijacking happened days later on Nov. 6, the health care provider said in a security notice posted on its website.
Compromised data includes names, addresses, dates of birth, medical record numbers, health insurance information and diagnosis and treatment details information. A limited subset of patients also had their Social Security numbers and driver’s license numbers exposed. These patients will be offered free credit monitoring and identity protection services.
Alomere said it is unclear if the offending party actually viewed any of the personally identifying data, but as a measure of caution it has mailed letters to patients whose information was left vulnerable.
The hospital said that in response to the attack, it has “put in place additional security measures for all of Alomere Health employee email accounts.”
Based in Alexandria, Minn., the Alomere Health facility contains 127 beds for patients and features a Level III trauma center.
