Getty Images/iStockphoto

Electromed Data Breach Impacting Customers', Staffers’ PHI

A cyberattack on a Minnesota company caused a data breach of PHI.

The maker of an airway clearance device is notifying an estimated 47,000 individuals of a data breach that is impacting their protected health information (PHI.) 

Electromed, a Minnesota-based company, reported the breach to the US Department of Health and Human Services Office for Civil Rights on Augst 9. The breach is impacting a total of 47,000 individuals, according to the OCR website. 

“On June 16, 2021, we determined that an unauthorized third party gained access to a limited number of our files,” Electromed said in a notification published on its website. “Upon discovery, we immediately initiated an investigation and hired third-party cybersecurity experts to assist in investigating the source and scope of the unauthorized activity, and to further secure our systems. Law enforcement was also notified.” 

Investigators determined that “the unauthorized third-party accessed certain files containing certain information of customers, employees, and some third-party contractors,” the notification states.  “Those files included customers’ protected health information, such as: first and last name, full mailing address, medical information and health insurance information. For associates, Social Security numbers, driver’s license numbers, and financial account information may have been accessed.”  

The Minnesota-based company, which manufactures airway clearance devices, began notifying impacted individuals of the data breach with notification letters, according to the notice.  

Currently, there is no evidence that any of the breached data “was used inappropriately, and we have not received any reports of identity theft associated with this incident,” the statement reads. “However, we are offering complimentary credit monitoring and identity theft protection services to involved individuals.” 

Those impacted by this data security incident should review their healthcare statements and health insurance statements for discrepancies, the notice advises. “If customers see charges for services they did not receive, they should contact the provider or insurer immediately,” it states.  

“Protecting the privacy of customers’ personal information is important to us, and we regret any inconvenience this incident may cause its customers,” the company states in the notice.  

“To help prevent a similar incident from occurring in the future, we have taken steps to enhance the security of its systems, and continues to review its security protocols and processes, and enhancing employee training and education,” it states.  

Indvidual's with questions or concerns about the data security incident can contact Electromed’s dedicated call center at 855-623-1962, Monday through Friday, between 8:00 am and 5:30 pm CDT. 

Next Steps

Dig Deeper on Healthcare data breaches