Cyber Incident Victim: Alomere Health
Date: Oct 2019
Location: United States of America
Summary
A Minnesota-based hospital experienced a security breach involving unauthorized access to two employee email accounts, potentially exposing personal and medical information of approximately 49,000 patients. Compromised data included names, addresses, dates of birth, medical record numbers, health insurance details, treatment information, and diagnoses, with a limited subset of patients' Social Security numbers and driver's license numbers also affected. The organization implemented additional email security measures and staff training following the incident, while offering complimentary credit monitoring services to individuals whose sensitive identification data was at risk. Forensic investigations could not confirm whether attackers viewed any specific emails or attachments within the compromised accounts.
Description
On November 6, 2019, Alomere Health staff discovered unauthorized access to an employee's email account, prompting an immediate investigation. Forensic analysis revealed the account was compromised between October 31 and November 1, 2019. During the investigation, on November 10, 2019, a breach of a second employee email account was identified; that breach had occurred on November 6. The hospital engaged a forensic security firm to assist but could not confirm whether the unauthorized parties viewed any emails or attachments in either account. As a precaution, Alomere Health conducted a comprehensive review of both accounts' contents to assess potential data exposure. This review confirmed the compromised accounts contained protected health information for 49,351 patients, including names, addresses, dates of birth, medical record numbers, health insurance details, treatment information, and diagnosis data. A subset of patients also had Social Security numbers and driver's license numbers exposed through the breach.

Alomere Health began notifying affected patients on January 3, 2020, advising them to review insurance statements and medical bills for discrepancies. The hospital offered complimentary credit monitoring and identity protection services to individuals whose Social Security numbers or driver's license information was involved. Internal response measures included implementing additional security layers for all employee email accounts and conducting staff training to prevent future incidents. The breach was publicly disclosed alongside other healthcare sector incidents reported to the U.S. Department of Health and Human Services Office for Civil Rights during the same period. No evidence emerged regarding actual misuse of the exposed data, though the hospital emphasized vigilance in monitoring personal and medical records.
