cyber Breach

Ballad Health

May 11, 2023 1 min read
Ballad Health

Ballad Health's employee has been fired for accessing patients’ records without an appropriate reason to do so.

The former employee viewed patients’ records, accessing both demographic and clinical information.

The former employee did not access Social Security numbers, driver’s license numbers, or financial account information.

The employee have accessed the patient’s name, address, date of birth, phone number, and other information.

Ballad has no reason to believe the former employee has improperly used or disclosed the information she accessed.

Source: https://www.wjhl.com/news/local/ballad-health-employee-fired-after-accessing-patients-records-without-permission/

TPRM report: https://scoringcyber.rankiteo.com/company/ballad-health

"id": "bal2354101122",
"linkid": "ballad-health",
"type": "Data Leak",
"date": "07/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'name': 'Ballad Health',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Unauthorized Access',
 'data_breach': {'data_exfiltration': 'Unknown',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Dates of Birth',
                                                         'Phone Numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Demographic Information',
                                              'Clinical Information']},
 'description': 'A former employee at Ballad Health was fired for accessing '
                "patients' records without an appropriate reason, viewing both "
                'demographic and clinical information.',
 'impact': {'brand_reputation_impact': 'Potential loss of trust from patients',
            'data_compromised': ['Patient Names',
                                 'Addresses',
                                 'Dates of Birth',
                                 'Phone Numbers'],
            'identity_theft_risk': 'Low',
            'payment_information_risk': 'None'},
 'lessons_learned': 'Importance of monitoring employee access to sensitive '
                    'data',
 'motivation': 'Unknown',
 'post_incident_analysis': {'corrective_actions': 'Termination of the employee '
                                                  'and potential review of '
                                                  'access controls',
                            'root_causes': 'Employee misuse of access '
                                           'privileges'},
 'recommendations': 'Implement stricter access controls and regular audits of '
                    'employee access to patient data',
 'response': {'remediation_measures': 'Employee terminated'},
 'threat_actor': 'Former Employee',
 'title': 'Unauthorized Access to Patient Records at Ballad Health',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Internal Employee Privileges'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.