Health Aid of Ohio, a full-service home medical equipment company based in Parma, OH, has found out that unauthorized persons acquired access to its systems and copied certain files from its system. The breach was discovered on February 19, 2021 upon detection of suspicious network activity. Health Aid of Ohio quickly took action to remove the attackers from the system and keep safe all patient information.
A breach investigation confirmed that the attacker accessed and exfiltrated files from Health Aid’s networks, however, it can’t be determined precisely which files were taken from its systems. Possibly, several of the exfiltrated files included the protected health information (PHI) of VA plan members.
The data potentially accessed included names, phone numbers, addresses, and particulars of the kind of equipment sent to homes or was fixed in people’s homes. The PHI of people who got services via their insurance provider or healthcare company included names, phone numbers, birth dates, Social Security numbers, insurance details, diagnosis data, and type of equipment.
Although the above details might have been stolen, there are no reports received that suggest any falsified misuse of the above data thus far.
Health Aid of Ohio hasn’t shared how the attackers obtained systems’ access and if there was malware or ransomware used. But it has informed the Federal Bureau of Investigation (FBI) and proper authorities. The breach report sent to the HHS’ Office for Civil Rights shows that around 141,149 people were potentially affected.