Northwood suffered from data breach

On May 6, Northwood came to know about suspicious activity related to email account of an employee. Once discovered, the organization has immediately launched an investigation. Working together with one of the topmost computer forensics expert, the investigation determined that Northwood has suffered data breach after an unauthorized third-party has gained access to email account of an employee between May 3 and May 6 of this year.

As Northwood was not able to determine the email messages that might have been viewed or opened by the unauthorized individual or individuals in the compromised email account, they reviewed contents of the complete email account in order to identify the personal information that was stored in it.

On Jun. 19, 2019, Northwood has determined that the affected email account contain information related to the customers who has received the durable medical equipment that were either managed or supplied by Northwood. That information included the names, dates of birth, addresses, patient identification numbers, provider name, dates of service, medical device description, medical record numbers, diagnosis, diagnosis codes, member health plan identification, treatment information, and in a few instances, the driver's license number, Social Security number, and names of the health insurance provider.

In addition, the compromised email account contains information related to some healthcare providers in relation to their exclusion status with Centers for Medicare & Medicaid Services, which includes their names as well as Social Security numbers.

Northwood further said in their security notice that "although we cannot confirm that any individual's personal information was actually accessed, or viewed without permission, we are providing this notice out of an abundance of caution. While our investigation is ongoing, we do not currently have any evidence of actual or attempted misuse of any individual's information as a result of this incident".

Northwood follows strict and tight security measures to safeguard the information that they have in their possession. Once they became aware about this data breach incident, Northwood immediately took the compromised email account offline as well as changed the password of the email account. Additionally, Northwood has implemented compulsory password resets for all the employee email accounts as well as notified the employees to remain cautious against the suspicious emails.

Besides, the organization has also implemented more security measures to their email system. It is also providing both training as well as education to their employees, so as to prevent this kind of incidents from occurring in the future.

This current data breach incident has been reported to the law enforcement by Northwood. Further, the possibly impacted individuals were also notified about this incident and Northwood is providing complementary credit monitoring services to all the impacted individuals.

» SPAMfighter News - 8/6/2019