A security breach that occurred during June 2021 at Electromed Inc. that involved unauthorized people obtaining access to the groups databases.
The New Prague, Michigan developer and producer of airway clearance devices, revealed that the breach was initially discovered on June 16, 2021. Once this discovery was made the group quickly moved to mitigate any additional unauthorized access attempts. Once this was completed the group launched an internal investigation in order to gauge the extent of the breach and ascertain how it was able to happen in the first place. In order to assist with this process an external firm of cybersecurity specialists were contracted to provide their expertise.
The group discovered that the breach occurred when specific files were illegally accessed, holding the personal and protected health information (PHI) of some of its clients along with a portion of the data linked to staff members, employees and external third-party partners. An in-depth review was carried out on all of the files located in the databases that were breached. This review discovered that these impacted databases were holding PHI such as customers’ first and last names, mailing addresses, medical data, health insurance details and, for associates, Social Security numbers, driver’s license data, and financial account specifics.
In the investigation nothing has been found to suggest that there has been improper use of PHI and, to date, there have been no official reports submitted to indicate that there have been any instances of identity theft that may have been connected to the security breach. However it has not been possible to completely eliminate the possibility that any or all of the above range of information may have been infiltrated by the cybercriminals responsible for the data breach.
In order to address this possibility, and to prevent any chance of identity theft or fraud being committed, free credit monitoring and identity theft protection services have been provided to any individual whose PHI may have been impacted. Additionally, all these individuals have been warned to keep a close check on their official credit reports, financial details, and explanation of benefits statements for anything to suggest that fraudulent activity may have taken place.
In the official substitute breach notice submitted to OCR by Electromed it was stated that: “Protecting the privacy of customers’ personal information is important to us, and we regret any inconvenience this incident may cause its customers. To help prevent a similar incident from occurring in the future, we have taken steps to enhance the security of its systems, and continue to review its security protocols and processes, and enhance employee training and education.”
It was also estimated, in the breach report sent to the HHS’ Office for Civil Rights, that as many as 47,200 individuals may have been impacted in the breach.