Kim Gale  |  April 27, 2020

Category: Data Breach


Late last year, an Alomere Health data breach occurred through two employees’ email accounts, potentially compromising the data of an unknown number of patients.

An unauthorized person first accessed the email account of an Alomere Health employee between Oct. 31 and Nov. 1 of 2019. The healthcare company said the account was immediately locked down and an outside computer forensics firm was hired to help. While investigating the unauthorized access, the firm found that another employee’s email account had also been accessed by an unauthorized user on Nov. 6, 2019. This breach was discovered on Nov. 10, 2019.

Despite the assistance of the outside computer forensics company, Alomere was unable to determine whether or not the person who committed the breach actually viewed any of the emails or attachments in the course of breaking into either email account.

Because of the uncertainty surrounding the extent of the breach, Alomere combed through the emails that could have been exposed.

According to Alomere, the following information was included in some of the exposed emails:

  • Patient names
  • Patient addresses
  • Dates of birth
  • Medical record numbers
  • Health insurance information
  • Treatment information
  • Diagnostic information

In addition, “for a limited number of patients,” the Social Security numbers and/or driver’s license numbers may have been accessed as well.

According to a statement on Alomere’s website, complimentary credit monitoring and identity protection services are only being offered to those who may have had their Social Security numbers or driver’s license numbers compromised.

The healthcare company began notifying patients of the Alomere Health data breach on Jan. 3, 2020. Alomere said it has no evidence that patient information was ever viewed by the hacker or that it was misused, but letters were mailed to all patients whose information was found in either email account.

Alomere Health Data Breach Shows Healthcare’s Vulnerability

The healthcare sector is particularly attractive to hackers for several reasons. While most hospitals and medical centers invest heavily in state-of-the-art diagnostic equipment, the need to protect computerized records often seems to be a low priority. Even after a cyberattack, a number of healthcare systems fail to upgrade their cyber security measures.

According to the Center for Internet Security, Personal Health Information (PHI) is worth more on the internet’s black market than Personally Identifiable Information (PII). Cyber thieves can collect about $2 on the black market for either credit card information or other PII, but PHI is worth up to $363 per health record, says the Infosec Institute.

A single person’s health history can help cyber thieves create false insurance claims and allow them to buy prescriptions for themselves or to resell to others.

“PHI is valuable because criminals can use it to target victims with frauds and scams that take advantage of the victim’s medical conditions or victim settlements,” says the Center for Internet Security.

No healthcare company – and certainly no patient – wants personal health information to become compromised. The federal government mandates that electronic health records are kept secure and protected as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Protecting the confidentiality, integrity and availability of electronic health information is federal law.

Still, almost 7 million patients have been impacted by hospital data breaches that include ransomware attacks since 2016, according to Comparitech, a cyber security company.

A ransomware attack is a data breach that includes encryption or inaccessibility of a health care facility’s records. Cyber thieves hold the hospital’s data hostage until the hospital pays the thieves a ransom, usually in untraceable internet money known as Bitcoin. Upon payment, the cyber thieves promise to release the hospital’s records or provide an encryption key, but sometimes, the thieves simply take the money and never release the data.

Even smaller, rural healthcare systems aren’t immune to cyberattacks. In fact, the National Rural Health Resource Center in cooperation with the Health Resources and Services Administration of the U.S. Department of Health and Human Services has created a cybersecurity toolkit to help smaller healthcare facilities protect their electronic records.

The Center suggests every healthcare facility provide annual training to its employees to ensure everyone is up-to-date on cyber security and what phishing emails or scams look like.

To help protect against data breaches caused by security gaps when work-from-home employees log in remotely, the Center suggests sharing free antivirus software for staff to install on their home computers.

Alomere Health reports their electronic records control has been beefed up with extra security measures, staff training and strict oversight.



2 thoughts on Vulnerable Email Accounts Led to Alomere Health Data Breach

  1. LISA HAWKINS says:

    Please add me

  2. Renae Craine says:

    add me please
