Oxygen therapy group is reassessing its security protocols
The personal details of up to 30,000 US healthcare patients may have been compromised, after medical equipment supplier Inogen disclosed a major breach this week.
The California-based firm, which supplies portable oxygen devices to 4.5 million patients worldwide, revealed the leak in a recent SEC filing.
An employee’s account was reportedly compromised between January 2, 2018, and March 14, 2018, leading to fears that an unauthorized third party may have accessed the private data of up to 30,000 customers.
According to reports no payment card details were accessed, but leaked data includes names, addresses, telephone numbers, email addresses, dates of birth, dates of death, Medicare identification numbers, insurance policy information, and type of medical equipment provided.
Inogen is informing those customers who could have been affected and is increasing security to ensure it doesn’t happen again, it claims.
This includes employing two-factor authentication on employee devices and increasing cybersecurity training.
The incident was one of two healthcare breaches to be reported this week, as Texas Healthcare Resources also revealed it had been a victim.
It issued a notice notifying customers that an employee’s email account may have led to a leak of information in October 2017.
The firm, which owns 29 hospitals across Texas, was notified in January that up to 4,000 people may have been affected.
Names, medical record numbers, dates of birth, addresses, insurance information, clinical information, and in some instances Social Security numbers, driver’s license details, and state identification numbers were among the data thought to have been accessed.
It said of its decision not to disclose in January: “We respected law enforcement’s request and began our own internal investigation, including hiring a leading forensic firm to assist us.
“Law enforcement has now indicated we could notify our patients regarding this incident.”
Last week, the NHS digital director warned that another WannaCry attack is imminent, one year after the ransomware assault crippled services across the UK.
And McAfee chief scientist Raj Samani told The Daily Swig that the healthcare system is being “disproportionately targeted” by cybercriminals looking to make money.
He said: “They are disproportionately attacking the healthcare sector and they do that because it’s perceived as a weaker target.
“It’s perceived as low-hanging fruit, so they do that because sadly what happens is when people pay they continue to do this.
“Criminals will only go after something if there’s a return on investment, if they can make money out of it.”