#Privacy: Data breach at Minnesota Hospital affects 50K patients

Minnesota-based health operator, Alomere Health has become the latest victim of a data breach exposing the personal and medical information of 49,351 patients. 

In a security notice posted on its website, Alomere Health announced that an unauthorised person(s) gained access to an employee’s email account between October 31 and November 1, 2019. 

After securing the account, an investigation was launched where by a leading computer forensic firm was hired to assist. During the investigation, Alomere Health discovered unauthorised access to a second employee email account on November 6, 2019. 

Compromised data includes names, addresses, dates of birth, medical record numbers, health insurance information, treatment and diagnosis information. A limited amount of patients had their Social Security numbers and/or driver’s license numbers exposed. 

It has not been confirmed if the unauthorised party viewed any patient information, however, as a measure of caution letters have been sent to all patients whose information was found in the accounts. 

Alomere Health are offering free credit monitoring and identity protection services for those whose SSNs and driver license information was stored within the email accounts. 

“To lessen the likelihood this occurs in the future, we have put in place additional security measures for all of Alomere Health employee email accounts. It is through these additional layers of security, staff training, and diligence that we will continue to provide high-quality health care, close to home with safety and security,” said Alomere Health. 

In the latest “Cybercrime tactics and techniques: the 2019 state of healthcare report”, Malwarebytes explain that due to aging infrastructure, low IT budgets and a wealth of personally identifiable information, healthcare organisations are becoming prime targets for cyber criminals.

“Healthcare is vital to our population, industries and economy, which is why it’s an especially concerning industry to see targeted by cybercriminals,” said Adam Kujawa, Director of Malwarebytes Labs. 


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/