Allina Health said Friday that cyberattackers stole personal data from patients of its Apple Valley clinic, including Social Security numbers, bank account and routing numbers and billing and medical information such as symptoms and diagnosis.
The Minneapolis-based health care provider said no other Allina locations were impacted by the data breach, which happened when Netgain Technology, a contracted company that hosts the clinic’s IT network and computer systems, was hacked.
“We are committed to our patient’s privacy and we understand that these types of events can cause concern,” a statement read. “Although the Apple Valley Clinic was not targeted in this cyberattack, we are taking steps to enhance our own cybersecurity protocols and practices.”
Allina said it is contacting patients who may have been affected, and that it is not aware that any data was disclosed or used by those responsible for the cyberattack.
After Netgain Technology discovered the cyberattack, the St. Cloud-based company notified law enforcement and ultimately regained control of its systems and recovered affected data, according to Allina. Netgain notified Allina of the cyberattack on Dec. 2.
On January 29, after the Netgain systems were restored, Allina received confirmation that the stolen data contained patient information.
Allina said that “out of an abundance of caution” it is offering complimentary identity theft protection services to affected patients of the Apple Valley clinic, and that patients who may have been impacted can call 833-978-2828 from 8 a.m. to 6 p.m. Monday through Friday.
