A company that bills itself as a 'one-stop shop for Durable Medical Equipment (DME) and Medical Business needs' says personally identifying information has been taken from its servers during a breach.
Cornerstone Business and Management Services, based in Lincoln Nebraska, is a third-party to a number of companies that make and sell medical supplies. It offers help with shipping, sales, and aspects of starting and growing a business.
Breach Discovered During Log Review
"On July 10, 2017, during our routine review of our system logs, we discovered an account on our server that we did not recognize. We examined the account and determined that it was downloading information stored on our server, including personal information about Certified Medical Supplie's patients."
The notification says information involved included name, address, date of birth and insurance information which may include a social security number.
The medical supply company's breach notice was filed in the last few days and the company offered free credit monitoring.
Fortunately, no patient diagnosis information appears to have been taken.
"Please accept our deepest apologies for this situation. We are reviewing and strengthening our data security practices in light of it," the company says.
This case raises an important question. A question you need an answer to: how secure are the third-party vendors you use in your business?
