The California Office of the Attorney General disclosed a data breach affecting Han Van Duong, M.D. on January 14, 2025, stemming from a burglary on October 17, 2024. Three laptop computers containing patient medical records and Social Security Numbers (SSNs) were stolen. While the exact number of impacted individuals remains undisclosed, the breach exposed highly sensitive personal and health data, posing risks of identity theft and financial fraud. Affected patients were offered credit monitoring services as a mitigative measure. The incident highlights vulnerabilities in physical security controls for devices storing protected health information (PHI), raising concerns over compliance with HIPAA and other data protection regulations. The theft of unencrypted or inadequately secured laptops exacerbates the severity, as the compromised data could be exploited for malicious purposes, including medical identity fraud or targeted phishing attacks against patients.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-597341
TPRM report: https://www.rankiteo.com/company/american-international-hospital
"id": "ame224082125",
"linkid": "american-international-hospital",
"type": "Breach",
"date": "10/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unspecified (patients with '
'potential SSN exposure)',
'industry': 'Healthcare',
'location': 'California, USA',
'name': 'Han Van Duong, M.D.',
'type': 'Healthcare Provider'}],
'attack_vector': 'Physical Theft (Burglary)',
'customer_advisories': 'Patients with potential SSN exposure offered credit '
'monitoring services',
'data_breach': {'data_exfiltration': 'Yes (via physical theft)',
'personally_identifiable_information': 'Yes (Social Security '
'Numbers)',
'sensitivity_of_data': 'High (includes PII and PHI)',
'type_of_data_compromised': ['Medical Information',
'Social Security Numbers '
'(potential)']},
'date_detected': '2024-10-17',
'date_publicly_disclosed': '2025-01-14',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Han Van Duong, M.D. on January 14, 2025. The '
'breach occurred on October 17, 2024, due to a burglary that '
'resulted in the theft of three laptop computers containing '
'medical information for patients. The number of affected '
'individuals is unspecified, but patients whose Social '
'Security Numbers may have been compromised are offered credit '
'monitoring services.',
'impact': {'data_compromised': ['Medical Information',
'Social Security Numbers (potential)'],
'identity_theft_risk': 'High (due to potential SSN exposure)',
'systems_affected': ['3 Laptop Computers']},
'initial_access_broker': {'entry_point': 'Physical Theft (Burglary)'},
'post_incident_analysis': {'root_causes': 'Physical security failure leading '
'to theft of unsecured laptops'},
'references': [{'date_accessed': '2025-01-14',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA (Health '
'Insurance Portability and '
'Accountability Act) '
'violations'],
'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'law_enforcement_notified': 'Yes (reported to California Office '
'of the Attorney General)',
'remediation_measures': 'Credit monitoring services offered to '
'affected patients'},
'title': 'Data Breach at Han Van Duong, M.D. Due to Theft of Laptops',
'type': 'Data Breach (Physical Theft)'}