Bucktail Medical Center

Bucktail Medical Center fell victim to a business email compromise (BEC) on October 15, 2020, resulting in unauthorized access to personally identifiable information (PII). The breach impacted 1,568 individuals, including 4 residents of Maine. While the exact type of compromised data was not fully detailed, the exposure of PII suggests potential risks such as identity theft or fraud. In response, the organization offered 12 months of identity theft protection services via Kroll to affected individuals. The incident highlights vulnerabilities in email security protocols, which cybercriminals exploited to gain access to sensitive information. No ransomware was involved, and the attack primarily targeted customer/patient data, raising concerns about privacy and regulatory compliance. The breach did not indicate broader operational disruptions or threats to the organization’s existence, but it underscores the critical need for robust cybersecurity measures in healthcare institutions to prevent similar future incidents.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/d2e940e5-30c7-485d-9e2e-b7cd6f85a469.shtml

TPRM report: https://www.rankiteo.com/company/bucktail-medical-center

"id": "buc027090625",
"linkid": "bucktail-medical-center",
"type": "Breach",
"date": "10/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '1,568 (including 4 Maine '
                                              'residents)',
                        'industry': 'Healthcare',
                        'name': 'Bucktail Medical Center',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Email',
 'customer_advisories': ['Identity theft protection services offered for 12 '
                         'months through Kroll'],
 'data_breach': {'number_of_records_exposed': '1,568',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Personally Identifiable '
                                             'Information (PII)'},
 'date_detected': '2020-10-15',
 'description': 'The Maine Office of the Attorney General reported that '
                'Bucktail Medical Center experienced a business email '
                'compromise on October 15, 2020, leading to unauthorized '
                'access to personally identifiable information. A total of '
                '1,568 individuals were affected, with 4 residents '
                'specifically from Maine. Identity theft protection services '
                'were offered for a period of 12 months through Kroll.',
 'impact': {'data_compromised': ['Personally Identifiable Information (PII)'],
            'identity_theft_risk': 'High (identity theft protection services '
                                   'offered for 12 months)'},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'third_party_assistance': ['Kroll (identity theft protection '
                                         'services)']},
 'title': 'Business Email Compromise at Bucktail Medical Center',
 'type': 'Business Email Compromise (BEC)'}