Alive Hospice

Alive Hospice became aware of unusual activity related to an employee’s email account.

Through the investigation, which included working with third-party forensic investigators, Alive Hospice determined that an unauthorized individual(s) gained access to a single Alive Hospice employee email account.

The compromised information includes name, contact information, date of birth, Social Security number, driver’s license, credit/debit card number, medical history information.

The organization immediately took steps to respond to and investigate this activity and change the user’s password.

Source: https://www.databreaches.net/tn-alive-hospice-notifies-patients-or-next-of-kin-after-discovering-unauthorized-access-to-an-employees-email-account/

TPRM report: https://scoringcyber.rankiteo.com/company/alive-hospice

"id": "ali03827323",
"linkid": "alive-hospice",
"type": "Data Leak",
"date": "07/2019",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Healthcare',
                        'name': 'Alive Hospice',
                        'type': 'Hospice'}],
 'attack_vector': 'Email Account',
 'data_breach': {'personally_identifiable_information': True,
                 'type_of_data_compromised': ['Name',
                                              'Contact Information',
                                              'Date of Birth',
                                              'Social Security Number',
                                              'Driver’s License',
                                              'Credit/Debit Card Number',
                                              'Medical History Information']},
 'description': 'Alive Hospice became aware of unusual activity related to an '
                'employee’s email account. Through the investigation, which '
                'included working with third-party forensic investigators, '
                'Alive Hospice determined that an unauthorized individual(s) '
                'gained access to a single Alive Hospice employee email '
                'account. The compromised information includes name, contact '
                'information, date of birth, Social Security number, driver’s '
                'license, credit/debit card number, medical history '
                'information. The organization immediately took steps to '
                'respond to and investigate this activity and change the '
                'user’s password.',
 'impact': {'data_compromised': ['Name',
                                 'Contact Information',
                                 'Date of Birth',
                                 'Social Security Number',
                                 'Driver’s License',
                                 'Credit/Debit Card Number',
                                 'Medical History Information']},
 'initial_access_broker': {'entry_point': 'Email Account'},
 'response': {'containment_measures': ['Change the user’s password'],
              'incident_response_plan_activated': True,
              'third_party_assistance': True},
 'threat_actor': 'Unauthorized individual(s)',
 'title': 'Email Account Compromise at Alive Hospice',
 'type': 'Email Account Compromise'}