Edgepark Medical Supplies hit by cyberattack, affecting 6,572 accounts

A hacker used a sophisticated cyberattack against Edgepark Medical Supplies to access the accounts of patients.

The Twinsburg, Ohio-based supplier was hit by a sophisticated gambit known as a “password spray attack,” in which the hacker repeatedly guesses a user’s account password via an automated process.

In May, Edgepark learned that the shipping address listed in the Edgepark accounts of 6,572 patients had been changed, and those customers’ orders were shipped to addresses other than those the customers had entered.

As a result, it is possible that an attacker accessed Edgepark accounts without authorization, and the attacker could have viewed account information, the company told affected patients in a breach notification letter.

The incident did not affect Social Security numbers, credit card numbers or other financial information, but it did potentially compromise such data as customer names, dates of birth, addresses, products purchased and health insurance information.

“We are notifying all customers whose accounts have been identified by our security team as having experienced unusual activity,” patients were told. Any patients detecting unusual activity in their Edgepark accounts were advised to call the company.

Responding to the incident, Edgepark temporarily disabled online web access to the user accounts that may have been compromised, and the company will process refunds to patients erroneously charged for an order.

“We have also notified law enforcement and are implementing additional security controls in an attempt to lessen the likelihood of future incidents,” the organization said in its letter.

Additional information on the breach was not available.