The California Office of the Attorney General disclosed a data breach affecting **Abbott Laboratories** on **April 17, 2015**, stemming from a **cyber-attack** on **Anthem Blue Cross Blue Shield** (a third-party vendor) on **December 1, 2014**. The incident exposed sensitive personal information of individuals enrolled in the **Abbott Plan**, including **names, dates of birth, member ID numbers, home addresses, phone numbers, email addresses, and employment details**. The breach originated from a sophisticated external cyber intrusion targeting Anthem’s IT systems, compromising a database containing records linked to Abbott’s employees and plan members. While the attack did not involve financial data (e.g., credit cards or bank accounts) or medical records, the exposed information posed significant risks for **identity theft, phishing scams, and fraudulent activities**. Abbott Laboratories, as the affected organization, was required to notify impacted individuals and implement remedial measures, including credit monitoring services. The breach underscored vulnerabilities in third-party vendor security protocols and highlighted the cascading risks of supply-chain cyber attacks in the healthcare sector. No ransomware was involved, but the scale of exposed personally identifiable information (PII) marked it as a severe incident with long-term reputational and operational consequences for Abbott.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-49420
TPRM report: https://www.rankiteo.com/company/abbott-
"id": "abb039091825",
"linkid": "abbott-",
"type": "Cyber Attack",
"date": "12/2014",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'United States (California)',
'name': 'Abbott Laboratories',
'type': 'Corporation'},
{'industry': 'Healthcare',
'location': 'United States',
'name': 'Anthem Blue Cross Blue Shield',
'type': 'Health Insurance Provider'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Health Insurance Information']},
'date_detected': '2014-12-01',
'date_publicly_disclosed': '2015-04-17',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Abbott Laboratories on April 17, 2015. The '
'breach occurred on December 1, 2014, due to a cyber-attack on '
'Anthem Blue Cross Blue Shield, exposing personal information '
'of individuals associated with the Abbott Plan, including '
'names, dates of birth, member ID numbers, addresses, phone '
'numbers, email addresses, and employment information.',
'impact': {'data_compromised': ['names',
'dates of birth',
'member ID numbers',
'addresses',
'phone numbers',
'email addresses',
'employment information'],
'identity_theft_risk': 'High (PII exposed)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Data Breach at Abbott Laboratories via Anthem Blue Cross Blue '
'Shield Cyber-Attack',
'type': 'Data Breach'}