Northwood suffered a data breach incident after unauthorized third-parties gained access to an employee’s email account.
On May 6, 2019, Northwood became aware of suspicious activity relating to an employee’s email account. Upon which, the organization launched an investigation and determined that an unauthorized third-party gained access to an employee’s email account between May 3, 2019, and May 6, 2019.
What information was involved?
On June 19, 2019, Northwood determined that the compromised email account contained information related to certain customers who received durable medical equipment either supplied or managed by Northwood.
The information included names, addresses, dates of birth, dates of service, provider name, medical record numbers, patient identification numbers, medical device description, diagnosis, diagnosis codes, treatment information, member health plan identification, Social Security numbers, driver’s license number, and health insurance provider names.
The email account also contained information related to certain healthcare providers in connection with their exclusion status with the Centers for Medicare & Medicaid Services, including their names and Social Security numbers.
What was the response?
“Although we cannot confirm that any individual’s personal information was actually accessed, or viewed without permission, we are providing this notice out of an abundance of caution. While our investigation is ongoing, we do not currently have any evidence of actual or attempted misuse of any individual’s information as a result of this incident,” Northwood said in a security notice.