California medical device manufacturer reports breach of 30,000 consumers
California-based Inogen, a manufacturer of portable oxygen concentrators, notified 30,000 customers that their data was breached after the hack of an employee email account in January, according to a Securities and Exchange Commission filing.
According to the report, an unauthorized user accessed an employee email account for more than two months between Jan. 2 and March 14. Based on the IP address used to access the account, the cybercriminal was located in a foreign country.
The manufacturer hired a forensic firm to investigate and found the hacker may have accessed customer data, like Medicare identification numbers, insurance policy information and medical equipment type. Medical records, Social Security numbers and financial data were not included in the accessed emails.
Further, the investigation found stolen credentials were used to access the account, but could not determine how the credentials were obtained.
All impacted customers are being offered an insurance reimbursement policy and a year of free credit monitoring, as the insurance information stolen by the hackers can be used for medical fraud. The policy will cover losses in the event the stolen data is misused, but officials said it may not cover all incurred expenses.
Officials have implemented new security features to prevent future incidents, including two-factor authentication. Passwords have also been reset and employees have received additional training.