Access TeleCare

The California Office of the Attorney General disclosed a data breach affecting Access TeleCare, a telehealth provider, on December 23, 2024. The incident occurred between November 6, 2023, and January 8, 2024, due to unauthorized access to employee email accounts. The breach exposed personal health information (PHI), including names, dates of birth, and medical records of 53 individuals. While the exact method of intrusion remains undisclosed, the compromised data suggests a targeted attack likely involving phishing or credential theft, given the focus on email accounts. The exposed PHI poses risks of identity theft, medical fraud, or reputational harm to affected patients. As a healthcare provider, Access TeleCare handles sensitive data, making this breach particularly critical due to regulatory non-compliance (e.g., HIPAA violations) and potential legal repercussions. The limited number of victims may mitigate some financial fallout, but the nature of the leaked data health records elevates the severity due to its sensitivity and long-term exploitation potential by threat actors.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-596609

TPRM report: https://www.rankiteo.com/company/access-telecare

"id": "acc724082025",
"linkid": "access-telecare",
"type": "Breach",
"date": "11/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '53',
                        'industry': 'Healthcare',
                        'location': 'California, USA',
                        'name': 'Access TeleCare',
                        'type': 'Healthcare Provider'}],
 'data_breach': {'number_of_records_exposed': '53',
                 'personally_identifiable_information': ['names',
                                                         'dates of birth'],
                 'sensitivity_of_data': 'High (PHI/PII)',
                 'type_of_data_compromised': ['Personal Health Information '
                                              '(PHI)',
                                              'Personally Identifiable '
                                              'Information (PII)']},
 'date_publicly_disclosed': '2024-12-23',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Access TeleCare. The breach occurred between '
                'November 6, 2023, and January 8, 2024, involving unauthorized '
                'access to email accounts potentially affecting personal '
                'health information such as names, dates of birth, and medical '
                'records. The total number of individuals affected is 53.',
 'impact': {'data_compromised': ['names', 'dates of birth', 'medical records'],
            'identity_theft_risk': 'Potential (due to exposed PII/PHI)',
            'systems_affected': ['email accounts']},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['Potential HIPAA violation '
                                                    '(unauthorized PHI '
                                                    'access)'],
                           'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'Data Breach at Access TeleCare',
 'type': 'Data Breach'}

Access TeleCare

Pax8: Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners

Kaiser Permanente: Kaiser Permanente reaches $46 million settlement over data breach — how to file your claim

Grubhub: Grubhub confirms hackers stole data in recent security breach