Device manufacturer Tandem Diabetes Care began alerting 140,781 patients that their personal information may have been exposed in a phishing attack.
In January, Tandem Diabetes Care discovered that an unauthorized person had gained access to an employee’s email account. After an investigation, the manufacturer determined that the unauthorized person had access to a limited number of employee email accounts between Jan. 17 and Jan. 20.
Patient data stored in the email accounts that may have been exposed included names, services provided, clinical information and Social Security numbers.
Since the incident, Tandem Diabetes Care has implemented additional email security controls and strengthened its user authorization and authentication process. The manufacturer recommends patients review any billing statements they receive from healthcare providers.