Cyber Incident Victim: Beltone Hearing Aid Centers

Date: Feb 2023

Location: United States of America

Summary

An unauthorized actor accessed Beltone Hearing Aid Centers' systems via a phishing attack that compromised an employee's Microsoft account, potentially exposing sensitive patient information. Although there was no direct evidence of data exfiltration, the breach involved patient names, insurance details, treatment specifics (including hearing aid models), financial data, Social Security numbers, and medical identifiers. Notification was issued to 5,272 individuals because of potential access risks across stored emails, even though the confirmed impact was initially limited to 50 specific records. The organization enhanced email security protocols, implemented multi-factor authentication, and conducted additional workforce training to mitigate future incidents.

Description

An unauthorized third party gained access to an employee’s Microsoft 365 online account at Grohler Hearing Aid Center, Inc., operating as Beltone Hearing Aid Centers, on February 21, 2023. The breach originated when the employee responded to a phishing email, allowing the attacker to compromise the account. The incident was detected on March 1, 2023, after the employee received a fraudulent payment request from one of the company’s vendors, prompting an internal investigation. Forensic analysis confirmed the attacker accessed the email account on February 21 and reviewed documents containing identifiable patient information. Specific files were confirmed to have been accessed, including those with the full names, internal patient identification numbers, and insurance providers of 50 individuals. The investigation could not definitively rule out access to additional emails stored in the compromised account, though no direct evidence of data exfiltration or theft was discovered.

The broader email account contained a wider range of sensitive data, including patient names, treatment details such as hearing aid specifications, dates of birth, driver’s license numbers, Social Security numbers, insurance claims data, internal patient identifiers, and credit card or bank account information. Due to the inability to conclusively verify the extent of patient data exposure across all emails, Beltone chose to notify 5,272 individuals as a precautionary measure. Following the incident, the organization reset all employee email account passwords and implemented mandatory two-factor authentication to secure Microsoft 365 accounts. Additional technical safeguards were introduced to limit data exposure in future incidents, and workforce training on phishing awareness was reinforced to reduce susceptibility to similar attacks. No evidence suggested patient information was misused beyond the fraudulent payment attempt that initially flagged the breach.
