A ransomware attack in mid-April resulted in the compromise of customer and employee data at Airway Oxygen, a Grand Rapids, Mich.-based provider of home medical equipment.
How many victims? Patient health information for approximately 550,000 current and past customers, plus personal information of approximately 1,160 current and former employees of Airway and its sister company.
What type of information? Full name, home address, birth date, telephone number, diagnosis, type of service, health insurance policy number. No bank account numbers or debit or credit card numbers or Social Security numbers were exposed.
What happened? While a statement from the company said there was no indication that any data was acquired, attackers gained access to the company's infrastructure in mid-April and planted ransomware that affected the company's network.
What was the response? The company became aware of the breach on April 18 and took "immediate steps to secure its systems and assess the source and impact of the intrusion." Those affected are being notified and provided with resources to aid them in securing their data. The company is working with cybersecurity experts to bolster security on its network.
Quote "This criminal act against our companies, our customers and our employees is something we must now work hard to overcome.” – Stephen Nyhuis, president, Airway Oxygen.
Source: Airway Oxygen