Respiratory device maker Inogen says breach exposed customer data
A company that makes respiratory care equipment disclosed on Friday that it experienced a data breach that gave hackers access to customer information.
Inogen, which produces and sells portable devices to people with chronic respiratory issues, said in a Securities and Exchange Commission filing that “unknown persons” from outside the company obtained unauthorized access to employee emails.
Inogen said the breach occurred some time between Jan. 2 and March 14 this year, but did not say when it was discovered.
The company believes some of those emails possibly had sensitive information relating to Inogen’s rental customers. The filing does not say how the unauthorized access occurred.
Inogen says it has notified 30,000 current and former customers, granting them credit monitoring and an insurance reimbursement policy.
The customer data includes private information such as contact information, dates of birth, dates of death, Medicare identification number, insurance policy information and the type of equipment the company provided. The breach does not include payment information or medical records, Inogen said.
In addition to the customer data, Inogen said that attackers might have also accessed the company’s private financial information.
The company says that once it learned of the breach it immediately moved to secure customer information and hired a third party forensics firm to investigate and strengthen its security. It says it’s requiring employees to change their email passwords and implementing two-factor authentication.
Inogen is publicly traded and has seen its shares rise by about 80 percent in the past year.