Blue Shield of California

Blue Shield of California, a major healthcare provider, suffered a ransomware attack on April 28, 2022, via its third-party vendor, OneTouchPoint. The breach exposed protected health information (PHI), including names, subscriber ID numbers, and medical details of an undisclosed number of individuals. The incident was reported to the California Office of the Attorney General on July 12, 2022, indicating a delayed disclosure. While the full scope of the data compromise remains unclear, the attack targeted sensitive healthcare records, raising concerns over potential misuse of personal and medical data. The involvement of a subcontractor highlights vulnerabilities in third-party risk management, amplifying the risk of large-scale data exposure in the healthcare sector. No confirmation was provided on whether a ransom was paid or if the attackers exfiltrated the data for further exploitation.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-555178

TPRM report: https://www.rankiteo.com/company/blue-shield-of-california

"id": "blu039091825",
"linkid": "blue-shield-of-california",
"type": "Ransomware",
"date": "4/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': 'unknown',
                        'industry': 'healthcare',
                        'location': 'California, USA',
                        'name': 'Blue Shield of California',
                        'type': 'healthcare insurer'},
                       {'customers_affected': 'unknown',
                        'industry': 'healthcare services (vendor)',
                        'name': 'OneTouchPoint',
                        'type': 'subcontractor'}],
 'data_breach': {'number_of_records_exposed': 'unknown',
                 'personally_identifiable_information': 'yes',
                 'sensitivity_of_data': 'high (includes names, subscriber IDs, '
                                        'medical details)',
                 'type_of_data_compromised': ['protected health information '
                                              '(PHI)']},
 'date_detected': '2022-04-28',
 'date_publicly_disclosed': '2022-07-12',
 'description': 'The California Office of the Attorney General reported that '
                'Blue Shield of California experienced a ransomware attack '
                'involving its subcontractor, OneTouchPoint, on April 28, '
                '2022. The incident was reported on July 12, 2022. The '
                'potentially compromised protected health information included '
                'names, subscriber ID numbers, and medical details; however, '
                'the exact number of individuals affected is unknown.',
 'impact': {'data_compromised': ['names',
                                 'subscriber ID numbers',
                                 'medical details'],
            'identity_theft_risk': 'potential (protected health information '
                                   'exposed)'},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['potential HIPAA violation '
                                                    '(protected health '
                                                    'information exposure)'],
                           'regulatory_notifications': ['reported to '
                                                        'California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'Ransomware Attack on Blue Shield of California via Subcontractor '
          'OneTouchPoint',
 'type': 'ransomware'}