cyber Breach

Ballad Health

May 16, 2022 1 min read
Ballad Health

Unusual activity on an employee’s email account of Ballad Health compromised the protected health information of its patients.

The compromised information included names, birth dates, medical conditions, medical history, treatment information, diagnosis codes, patient account numbers, and medical record numbers.

The Ballad Health immediately took the investigation in its hand and secured the employees' account and the data.

Source: https://healthitsecurity.com/news/phi-potentially-accessed-in-ballad-health-email-data-breach

TPRM report: https://scoringcyber.rankiteo.com/company/ballad-health

"id": "bal213313522",
"linkid": "ballad-health",
"type": "Breach",
"date": "01/2022",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'name': 'Ballad Health',
                        'type': 'Healthcare'}],
 'attack_vector': 'Compromised Email Account',
 'data_breach': {'personally_identifiable_information': ['names',
                                                         'birth dates'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['names',
                                              'birth dates',
                                              'medical conditions',
                                              'medical history',
                                              'treatment information',
                                              'diagnosis codes',
                                              'patient account numbers',
                                              'medical record numbers']},
 'description': 'Unusual activity on an employee’s email account of Ballad '
                'Health compromised the protected health information of its '
                'patients. The compromised information included names, birth '
                'dates, medical conditions, medical history, treatment '
                'information, diagnosis codes, patient account numbers, and '
                'medical record numbers. Ballad Health immediately took the '
                "investigation in its hand and secured the employees' account "
                'and the data.',
 'impact': {'data_compromised': ['names',
                                 'birth dates',
                                 'medical conditions',
                                 'medical history',
                                 'treatment information',
                                 'diagnosis codes',
                                 'patient account numbers',
                                 'medical record numbers']},
 'initial_access_broker': {'entry_point': 'Email Account'},
 'investigation_status': 'Ongoing',
 'response': {'containment_measures': "Secured the employee's account and the "
                                      'data'},
 'title': 'Ballad Health Email Account Compromise',
 'type': 'Data Breach'}
Published by
Harshit Kaur Bhatia
Harshit Kaur Bhatia
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.