The California Office of the Attorney General disclosed a data breach affecting ACE Surgical Supply Company, Inc. on November 19, 2021, stemming from an incident on June 29, 2021. Unauthorized actors gained access to files potentially containing sensitive information, including individual and business names, contact details, DEA numbers, and physician state license numbers. The breach exposed personally identifiable information (PII) and professional credentials, though the exact number of impacted individuals remains undetermined. The compromised data poses risks such as identity theft, fraudulent use of medical licenses, and targeted phishing attacks against healthcare professionals. While no financial records or patient health data were explicitly mentioned, the exposure of DEA and license numbers could enable malicious actors to impersonate medical personnel or exploit regulatory gaps. The breach underscores vulnerabilities in the company’s data security measures, particularly in safeguarding high-value professional identifiers. The incident aligns with broader trends in healthcare sector breaches, where third-party suppliers often become entry points for cybercriminals seeking to exploit trusted vendor relationships. The lack of clarity on the affected population further complicates mitigation efforts, leaving both individuals and associated businesses at prolonged risk.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-547800
TPRM report: https://www.rankiteo.com/company/ace-medical-co
"id": "ace316090625",
"linkid": "ace-medical-co",
"type": "Breach",
"date": "6/2021",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Medical/Healthcare Supply',
'location': 'California, USA',
'name': 'ACE Surgical Supply Company, Inc.',
'type': 'Business'}],
'data_breach': {'data_exfiltration': 'Likely (unauthorized access to files)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes PII and professional '
'license numbers)',
'type_of_data_compromised': ['individual names',
'business names',
'contact information',
'DEA numbers',
'physician state license '
'numbers']},
'date_detected': '2021-06-29',
'date_publicly_disclosed': '2021-11-19',
'description': 'The California Office of the Attorney General reported a data '
'breach involving ACE Surgical Supply Company, Inc. on '
'November 19, 2021. The breach occurred on June 29, 2021, and '
'involved unauthorized access to files that may have contained '
'individual and/or business names, contact information, and '
'DEA and physician state license numbers. The number of '
'affected individuals is currently unknown.',
'impact': {'data_compromised': ['individual names',
'business names',
'contact information',
'DEA numbers',
'physician state license numbers'],
'identity_theft_risk': 'Potential (due to exposed PII and license '
'numbers)'},
'initial_access_broker': {'high_value_targets': ['DEA numbers',
'physician state license '
'numbers']},
'investigation_status': 'Disclosed; number of affected individuals unknown',
'references': [{'date_accessed': '2021-11-19',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA (if '
'healthcare data involved)',
'California Data Breach '
'Notification Law'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Data Breach at ACE Surgical Supply Company, Inc.',
'type': 'Data Breach'}