Medical info of 49,351 patients exposed in Alomere Health hospital breach

Pierluigi Paganini January 07, 2020

Minnesota-based Alomere Health discloses a data leak that exposed personal and medical information of 49,351 patients.

Personal and medical information of 49,351 patients of Minnesota-based Alomere Health might have been exposed following the compromise of two employees’ email accounts.

Alomere Health is a general medical and surgical hospital in Alexandria, MN, with 127 beds. It is accredited by the Healthcare Facilities Accreditation Program (HFAP), has a Level III trauma center and has twice been named as one of the Top 100 Hospitals by Thomson Reuters. 

Exposed data include names, addresses, dates of birth, medical record numbers, health insurance information and diagnosis and treatment details information. Attackers also accessed Social Security numbers and driver’s license numbers for some patients. 

The incident was discovered on November 6, 2019, the IT staff discovered that an employee’s email account was accessed by at least one unauthorized third party between October 31 and November 1, 2019.

The Alomere Health hospital started notifying impacted patients on January 3, 2020.

The hospital launched an investigation with the help of an external forensic firm, and on November 10 the experts discovered that also a second employee’s email was compromised on November 6.

“The investigation was unable to determine whether the unauthorized person(s) actually viewed any email or attachment in either account,” reads the hospital’s breach notification.

“In an abundance of caution, we reviewed the emails and attachments in the accounts to identify patients whose information may have been accessible to the unauthorized person(s).” “In an abundance of caution, we reviewed the emails and attachments in the accounts to identify patients whose information may have been accessible to the unauthorized person(s). From this review, we determined that portions of some patients’ information were contained in the email accounts.”

Alomere Health is going to offer impacted patients free credit monitoring and identity protection services.

The hospital announced to have implemented additional security measures to prevent future incidents, including staff training.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Alomere Health, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment