Medical Supplies reported on November 13 that its system was exposed for
several months earlier this year after several employees fell for a phishing
scam giving access to their Office 365 accounts to an unauthorized person.
The illegal access was discovered on June 28, 2019 and a further investigation found the data breach existed from April 2, 2019 to June 20, 2018, the company reported. The compromised information included customer and employee first and last names and one or more of the following data elements: name, address, date of birth, Social Security Number, employee identification number, medical information, health insurance information, financial information, credit/debit card information, driver’s license/state ID, passport information, password/PIN or account login information, billing /claims information, and Medicare ID/Medicaid ID.
did not report how many people were impacted.
it has reset the passwords on the affected accounts, is reviewing its cybersecurity
policies and has notified the people affected.