Aetna, a CVS Health Company

American managed health care company Aetna, accidentally exposed the HIV statuses of 12,000 of its patients.

The business sent letters to some of its clients advising them of modifications to the healthcare services they had previously gotten and it turned out that some of the letters' contents could be read from within their sealed envelopes.

The letters didn’t contain customers’ Social Security Numbers, bank account information, credit card information, medication names, or medical diagnoses.

They intends to institute additional safeguards to prevent incidents such as this (and other HIV-related privacy fiascos) from happening again.

Source: https://grahamcluley.com/oops-aetna-exposed-12000-customers-hiv-statuses-envelope-window/

"id": "AET05931122",
"linkid": "aetna",
"type": "Data Leak",
"date": "07/2017",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"