Unauthorized Access of Tomo Drug Testing Led to the Compromise of Sensitive Data

Tomo Drug Testing in Springfield, MO, which is a drug screening services provider, discovered that an unauthorized person acquired access to its database that contains the sensitive data of drug screening subjects. The potentially compromised information included names, driver’s license numbers, Social Security numbers, state identification numbers, and results of drug tests.

Based on a statement issued by the provider, an unidentified person accessed the database on April 23, 2019 and May 9, 2019, downloaded data and took away some data from the database.

Tomo Drug Testing found out about the data breach on April 23, 2019 and investigated it. Forensics specialists came to investigate and know if data were taken or erased from the database. Although it was impossible to know if the database were duplicated and stolen, specific things were discovered to have been taken or erased from the database.

Access of the database seemed to have been because of utilizing compromised credentials. When the breach was discovered, the person who accessed the account already changed the password and account privileges in the database. All information was transferred to a safer system and the prior system was decommissioned. Tomo Drug Testing is implementing more security measures to avoid more these things from happening again.

It took a long process to figure out who were the people affected by the breach and which types of data in the database were affected. It was only on July 1, 2019 that Tomo Drug Testing discovered who were all the people affected by the breach and got current contact data. A substitute breach notice was released to media outlets because it was impossible to find the contact details of all the people affected.

As a safety precaution, Tomo Drug Testing sent notification letters to the affected people. The provider also offered to the affected people free credit monitoring and identity theft protection services. The number of people impacted by the breach is still uncertain.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone