Updated Nov. 20: This incident was reported to HHS as impacting 114007 patients.
Original post:
Solara Medical Supplies, LLC in Chula Vista, California is notifying some of their patients and employees after discovering that attackers had successfully gained access to some employees’ email accounts that contained employee and patient information.
According to a press release issued Tuesday, on June 28, 2019, Solara determined that an unknown actor had gained access to a limited number of employee Office 365 accounts, from April 2, 2019 to June 20, 2019, as a result of a phishing attack.
On July 3, 2019, Solara determined that certain information present within the employee Office 365 accounts may have been accessed or acquired by an unknown actor at the time of the incident.
The personal information present in the accounts at the time of the incident varied by individual but may have included first and last names and one or more of the following data elements: name, address, date of birth, Social Security number, Employee Identification Number, medical information, health insurance information, financial information, credit / debit card information, driver’s license / state ID, passport information, password / PIN or account login information, billing / claims information, and Medicare ID / Medicaid ID.
Solara reset relevant account passwords and is reviewing and enhancing existing Solara policies and procedures to reduce the likelihood of a similar future event. In addition to obligatory notfications, Solara is offering those affected access to credit monitoring and identity protection services at no cost to impacted individuals.
Anyone seeking assistance or additional information may call 1-877-460-0157 (toll free), Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time. Individuals may also write to Solara at 2084 Otay lakes Rd #102, Chula Vista, CA 91913 or email [email protected] with questions. Additional information can also be found on Solara’s website, https://www.solara.com/dataincident.