Inogen reports data security incident

 - 
Friday, April 13, 2018

GOLETA, Calif. – An Inogen employee’s email account was accessed by unknown persons outside the company without authorization, it announced in an April 13 Form 8-K filing with the Securities and Exchange Commission.

Some of the account’s messages—and the files attached to them—may have contained personal information belonging to Inogen rental customers. That personal information included names, addresses, telephone numbers, email addresses, dates of birth, dates of death, Medicare identification numbers, insurance policy information and/or type of medical equipment provided. It did not include payment card information or medical records.

Additionally, the unknown persons may have gained access to Inogen’s non-public financial information.

The unauthorized access appears to have occurred between Jan. 2, 2018, and March 14, 2018.

Inogen is notifying approximately 30,000 current and former customers of the incident. It will provide resources, including credit monitoring and an insurance reimbursement policy, to assist them.

In the wake of the incident, Inogen, which has hired a forensics firm to help investigate the incident and bolster its security, has required all email users to change their passwords. It has also implemented multi-factor authentication for remote email access and has taken additional steps and other preventative measures to further limit access to its systems, including enhanced training.