California medical device manufacturer reports breach of 30,000 consumers

Inogen reports a hacker accessed an employee email account for more than two months, according to an SEC filing.
By Jessica Davis
12:11 PM
Share
California medical device manufacturer Inogen data breach

Inogen's portable oxygen concentrator. Credit: YouTube

California-based Inogen, a manufacturer of portable oxygen concentrators, notified 30,000 customers that their data was breached after the hack of an employee email account in January, according to a Securities and Exchange Commission filing.

According to the report, an unauthorized user accessed an employee email account for more than two months between Jan. 2 and March 14. Based on the IP address used to access the account, the cybercriminal was located in a foreign country.

[Also: The biggest healthcare data breaches of 2018 (so far)]

The manufacturer hired a forensic firm to investigate and found the hacker may have accessed customer data, like Medicare identification numbers, insurance policy information and medical equipment type. Medical records, Social Security numbers and financial data were not included in the accessed emails.

Further, the investigation found stolen credentials were used to access the account, but could not determine how the credentials were obtained.

All impacted customers are being offered an insurance reimbursement policy and a year of free credit monitoring, as the insurance information stolen by the hackers can be used for medical fraud. The policy will cover losses in the event the stolen data is misused, but officials said it may not cover all incurred expenses.

Officials have implemented new security features to prevent future incidents, including two-factor authentication. Passwords have also been reset and employees have received additional training.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com