A US, California-based medical device manufacturer reported that 30,000 former and current customers may have had their personal information exposed when a company employee's email account was compromised.
Inogen stated in a Securities and Exchange Commission filing on 13 April that sometime between 2 January, 2018, and 14 March, 2018, a staffer's emails were accessed by an outside, unauthorised person and some of the messages and files attached to that worker's emails may have contained customer information. Inogen makes portable oxygen devices.
The data possibly captured includes customer name, address, telephone number, email address, date of birth, date of death, Medicare identification number, insurance policy information, and/or type of medical equipment provided. The company does not believe payment card information was involved.
The company is now in the process of notifying those involved and will make credit monitoring services available. Inogen is also putting into place new internal security operations to prevent this from happening again. These steps include requiring employees to change their passwords more frequently, implementing two-factor authentication, increasing training and adding new cyber-security tools.