Inogen reveals rental customer data breach

Inogen today announced it was the victim of a data breach in which employee email messages containing sensitive customer information were accessed from an external agent without authorization. The Goleta, Calif.-based company said that messages were accessed externally between January 2 and March 14 this year, and contained attached files that “may have contained personal information belonging to Inogen rental customers,” as well as non-public financial information of the company. Inogen said that it immediately took steps to secure its customer information, including hiring a forensics firm to investigate the intrusion and improve its security. The forensics group determined that compromised rental customer personal information included names, addresses, telephone numbers, email addresses, dates of birth, dates of death, Medicare ID numbers, insurance policy information and specific medical equipment info, according to an SEC filing. Payment card information and medical records were not impacted, Inogen said. Inogen said it is taking steps to notify approximately 30,000 current and former customers of the breach and that it plans to provide resources, including credit monitoring and insurance reimbursement to assist in correcting the breach. The company said it has also notified the appropriate regulatory bodies of the breach. The company said it has forced updates on internal passwords following the incident, and that it has implemented multi-factor authenticati...
Source: Mass Device - Category: Medical Devices Authors: Tags: Business/Financial News Cybersecurity Inogen Source Type: news