The company's admission joins a spate of recent, high-profile breaches involving thousands of patients' information.
Inogen, a device company that manufactures oxygen supply units, is notifying roughly 30,000 customers of a data breach that may have compromised their personal and healthcare information.
In a Securities and Exchange Commission (SEC) filing Friday, the company said that an unauthorized third party accessed an employee email account sometime between January 2, 2018 and March 14, 2018. The company brought in a forensics firm to investigate the incident. That firm found that names, addresses, telephone numbers, email addresses, dates of birth, dates of death, Medicare identification numbers, insurance policy information, and medical equipment usage may have been involved in the breach.
The data did not include payment information or medical records, Inogen noted, but it is offering credit monitoring and insurance reimbursement to potentially affected device rental customers.
“The Company takes the security of information belonging to its customers very seriously and has taken steps to prevent a similar incident from occurring in the future,” it said in the SEC filing. It said that it is requiring all email users to change their passwords, and is implementing multi-factor authentication for remote email access. It’s also taking “additional steps to further limit access to its systems and other preventative measures, including but not limited to enhanced training and use of electronic tools.”
The news came as the company’s stock price was surging, reaching its highest point to date before the NASDAQ’s weekend close. Founded in 2001, it had raised over $70 million in venture money before its 2014 initial public offering.
Inogen’s breach joins a spate of recently discovered incidents affecting the protected health information (PHI) of tens of thousands of people. Guardian Pharmacy of Jacksonville in Florida recently reported an email hacking incident that may have compromised over 11,000 patients’ PHI, while New York’s Middletown Medical reported an unauthorized access event that may have exposed over 63,000 patients through a misconfigured electronic medical record.