A health company in Minnesota says it has been the victim of a data breach, and has emailed almost 50,000 patients to inform them some of their data may have been compromised.
Alexandria-based Alomere Health said it learned of the first of two breaches on Nov. 6, finding that an unauthorized person had gained access to an employee's email account between Oct. 31 and Nov. 1.
During the investigation, they discovered unauthorized access to a second email account that happened on Nov. 6.
While it's unclear if the unauthorized actor viewed emails or attachments in either of the accounts, the company reviewed all of the emails in each to check what information was available to them.
"From this review, we determined that portions of some patients’ information were contained in the email accounts. This information may have included patients’ names, addresses, dates of birth, medical record numbers, health insurance information, treatment information, and/or diagnosis information. For a limited number of patients, Social Security number and/or driver’s license numbers were also found in the accounts."
The U.S. Department of Health and Human Services Office for Civil Rights website says that 49,351 people have been affected by the breach.
"Even though we have no confirmation that patient information was actually viewed by the unauthorized person(s), or that it has been misused, we mailed letters to patients whose information was found in the accounts," Alomere said.
It's offering free credit monitoring and identity protection services, and is also urging patients review any statements they get from their health insurers and healthcare providers, to see if there are any services they did not receive.
Alomere Health operates clinics in Alexandria and Osakis,as well as Heartland Orthopedic Specialists.