Dohman, Akerlund & Eddy reports data breach affecting nearly 10,000 individuals

Dohman, Akerlund & Eddy, a tax, accounting, and business consulting firm based in Aurora, Nebraska, has reported a data breach involving the protected health information (PHI) of 9,941 individuals. The breach, stemming from unauthorized access to its network, was recently disclosed to the Department of Health and Human Services’ Office for Civil Rights.

The firm discovered the network intrusion on February 28, 2024, and forensic analysis determined that the breach likely began on or before that date. The compromised data originated from hospitals in the Aurora area that engaged Dohman, Akerlund & Eddy for auditing services.

Following the breach, the firm enlisted third-party data review specialists to assess the impact and identify affected individuals. On September 26, 2024, the investigation confirmed that the breached files contained PHI, including sensitive details such as names, addresses, dates of birth, Social Security numbers, health insurance information, claims data, diagnosis and treatment details, and treatment cost information.

Although the firm stated there is no evidence suggesting misuse of the compromised information, it has taken proactive steps to mitigate potential risks. Affected individuals have been offered complimentary Single Bureau Credit Monitoring, Credit Report, and Credit Score services to safeguard against identity theft and fraud.

The breach highlights the risks posed to third-party service providers in handling sensitive healthcare data, emphasizing the need for stringent cybersecurity practices. Dohman, Akerlund & Eddy has not disclosed specific details about the vulnerabilities exploited in the attack or measures taken to prevent future incidents.