Inogen, which manufactures portable oxygen devices, has alerted the Securities and Exchange Commission in a recent filing that it is notifying 30,000 individuals that their personal information was compromised when a hacker gained access to one of its employees’ email accounts through a phishing scheme.
The incident illustrates how the manufacturing sector is continuing to get hit with cyber-attacks, despite the fact that manufacturing companies view the risk of a data breach as low because they don’t typically collect, use or disclose customer personal information.
In this incident, the compromised employee’s email account contained the Medicare identification numbers, insurance policy information and the medical equipment provided to the individuals by the company.
The manufacturing sector, including device manufacturers, is often surprised at the amount of customer and/or employee personal information it has access to, collects and maintains outside of the usual places like the human resources department. When we assist manufacturers with data mapping, clients find that personal information is located in surprising places, including email accounts that can be compromised by phishing incidents.
This case is a reminder that manufacturers are at risk of a data breach and may wish to consider developing a privacy and security plan for management of the risk of compromise.