The American Association of Colleges of Osteopathic Medicine (AACOM) experienced a data breach in September 2024, compromising the highly sensitive personal and health information of over 67,000 individuals, including osteopathic medical school applicants. The breach stemmed from alleged insufficient data security practices, exposing personal identifiable information (PII) and protected health data. The incident led to a class-action settlement, indicating significant legal and reputational repercussions. The exposed data likely included medical records, application details, and other confidential applicant information, heightening risks of identity theft, fraud, and unauthorized disclosure of sensitive health-related data. The scale and nature of the breach suggest severe operational and trust-related consequences for AACOM, particularly given the involvement of future healthcare professionals.
TPRM report: https://www.rankiteo.com/company/aacom_2
"id": "aac2002620091025",
"linkid": "aacom_2",
"type": "Breach",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '67,000+ (including osteopathic '
'medical school applicants)',
'industry': 'Education / Healthcare',
'location': 'United States',
'name': 'American Association of Colleges of '
'Osteopathic Medicine (AACOM)',
'type': 'Non-profit Organization'}],
'data_breach': {'data_exfiltration': 'Likely (implied by breach description)',
'number_of_records_exposed': '67,000+',
'personally_identifiable_information': 'Yes (highly '
'sensitive)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Health Data']},
'description': 'The American Association of Colleges of Osteopathic Medicine '
'(AACOM) agreed on a class settlement with osteopathic medical '
'school applicants and others impacted by a September 2024 '
'data breach. The breach allegedly resulted from insufficient '
'data security practices, affecting over 67,000 individuals '
'and exposing highly sensitive personally identifiable '
'information (PII) and health data.',
'impact': {'brand_reputation_impact': 'Settlement agreement reached, '
'indicating reputational harm',
'customer_complaints': 'Class-action lawsuit filed (amended '
'complaint in US District Court for the '
'District of Maryland)',
'data_compromised': ['Personally Identifiable Information (PII)',
'Health Data'],
'identity_theft_risk': 'High (due to exposure of sensitive PII and '
'health data)',
'legal_liabilities': 'Class settlement agreed upon'},
'investigation_status': 'Settlement reached (implied resolution)',
'post_incident_analysis': {'root_causes': 'Alleged failure to maintain '
'sufficient data security '
'practices'},
'references': [{'source': 'US District Court for the District of Maryland '
'(Amended Complaint)'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuit (settlement '
'reached)'},
'response': {'communication_strategy': 'Class settlement agreement'},
'title': 'American Association of Colleges of Osteopathic Medicine Data '
'Breach (September 2024)',
'type': 'Data Breach'}