Alomere Health employees fell for phishing scam, giving access to 50,000 patients’ data

Risk to Small Business: 1.777 = Severe: Two employees fell for a phishing scam that gave hackers access to patients’ protected health information. The first breach occurred between October 31, 2019 and November 1, 2019, while a second breach took place on November 6, 2019. In response, the company is updating its email security protocols, an effort that won’t restore the stolen data nor repair the company’s already-damaged reputation. In addition, Alomere Health could face regulatory penalties because of the nature and scope of the data breach.

Individual Risk: 2.285 = Severe: The compromised employee email accounts stored patient data, including names, addresses, dates of birth, medical record numbers, health insurance information, along with sensitive diagnosis and treatment details. In addition, some patients had their Social Security numbers and driver’s license numbers exposed. Alomere Health is offering free credit and identity monitoring services to those impacted by the breach, and anyone affected should enroll in these services. In addition, they should be especially critical of online communications, as the stolen data can be deployed in phishing scams that can collect additional personal data.