Cyber Incident Victim: Solara Medical Supplies

Unauthorized actors gained access to employee Office 365 accounts at Solara Medical Supplies between April 2 and June 20, 2019, through successful phishing attacks. The breach persisted for nearly eleven weeks before detection, exposing sensitive personal, medical, and financial information. Compromised data included full names, physical addresses, Social Security numbers, protected health information related to medical conditions or treatments, and financial details. As a major national supplier of diabetes management equipment such as insulin pumps and continuous glucose monitors, Solara handled substantial volumes of sensitive patient data, though the exact number of affected individuals remained undisclosed in public disclosures. The incident impacted both current and former patients and employees whose information resided within the breached email accounts.

Solara initiated password resets for compromised accounts upon discovering the intrusion and notified affected individuals directly. The company advised vigilance regarding identity theft and fraud risks, specifically recommending scrutiny of financial statements, credit reports, and healthcare explanation of benefits documents. No additional technical containment measures or forensic methodology details were disclosed publicly. The breach exposed multiple data categories simultaneously—combining personally identifiable information, protected health records, and financial data—potentially enabling comprehensive identity theft or medical fraud against victims. Other healthcare entities, including Select Health Network, experienced similar email account breaches during overlapping timeframes, though Solara’s incident specifically stemmed from phishing rather than ransomware or indiscriminate system hacking.