A hacker used a sophisticated cyberattack against Edgepark Medical Supplies to access the accounts of patients.
The Twinsburg, Ohio-based supplier was hit by a sophisticated gambit known as a “password spray attack,” in which the hacker repeatedly guesses a user’s account password via an automated process.
In May, Edgepark learned that the shipping address listed in the Edgepark accounts of 6,572 patients had been changed, and those customers’ orders were shipped to an address other than those entered by the customers.
As a result, it is possible that an attacker accessed Edgepark accounts without authorization, and the attacker could have viewed account information, the company told affected patients in a breach notification letter.
The incident did not affect Social Security and credit card number and other financial information. but it did potentially compromise such data as customer names, dates of birth, addresses, products purchased and health insurance information.
“We are notifying all customers whose accounts have been identified by our security team as having experienced unusual activity,” patients were told. Any patients detecting unusual activity in their Edgepark account was advised to call the company.
Responding to the incident, Edgepark temporarily disabled online web access to the user accounts that may have been compromised and the company will process refunds to patients erroneously charged for an order.
“We have also notified law enforcement and are implementing additional security controls in an attempt to lessen the likelihood of future incidents,” the organization said in its letter.
Date: July 29, 2019
Source: Health Data Management