Auris Health, Inc. suffered a data breach in March 2020 when unauthorized actors gained access to an employee’s email account. The incident, reported by the California Office of the Attorney General in January 2021, exposed highly sensitive personal and financial information. Compromised data included full names, Social Security Numbers (SSNs), tax identification numbers, passport numbers, health insurance details, protected health information (PHI), payment card data, and financial account numbers. The breach posed significant risks of identity theft, financial fraud, and misuse of health records, affecting both employees and potentially customers or patients associated with the company. The prolonged exposure nearly a year before public disclosure heightened concerns over the scope of the damage and the company’s cybersecurity posture. The incident underscored vulnerabilities in email security protocols and the critical need for robust monitoring to prevent prolonged unauthorized access to sensitive systems.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-537478
TPRM report: https://www.rankiteo.com/company/aurishealth
"id": "aur027091825",
"linkid": "aurishealth",
"type": "Breach",
"date": "3/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'California, USA',
'name': 'Auris Health, Inc.',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized Access (Email Account Compromise)',
'data_breach': {'data_exfiltration': 'Likely (unauthorized access to email '
'account)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
'Financial Information']},
'date_publicly_disclosed': '2021-01-27',
'description': 'The California Office of the Attorney General reported that '
'Auris Health, Inc. experienced a data breach due to '
"unauthorized access to an employee's email account starting "
'in March 2020. The breach potentially compromised personal '
'information including full names and one or more of Social '
'Security Numbers, tax identification numbers, passport '
'numbers, health insurance numbers, health information, '
'payment card information, and financial account numbers.',
'impact': {'data_compromised': ['Full Names',
'Social Security Numbers',
'Tax Identification Numbers',
'Passport Numbers',
'Health Insurance Numbers',
'Health Information',
'Payment Card Information',
'Financial Account Numbers'],
'identity_theft_risk': 'High (PII and financial data exposed)',
'payment_information_risk': 'High (Payment card and financial '
'account numbers exposed)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account'},
'references': [{'date_accessed': '2021-01-27',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['California Consumer '
'Privacy Act (CCPA)',
'Health Insurance '
'Portability and '
'Accountability Act '
'(HIPAA)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Auris Health, Inc. Data Breach via Unauthorized Email Access',
'type': 'Data Breach'}