The sensitive medical information of citizens of California was exposed by a misconfigured database managed by the California Department of Public Health.
The misconfiguration resulted from an error made by a third-party contractor and led to the breach of names, dates of birth, addresses, and Covid-19-related health information of the citizens.
The department set up a dedicated call center to help out the people of California affected by the breach.
Source: https://portswigger.net/daily-swig/california-public-office-admits-covid-19-healthcare-data-breach
TPRM report: https://scoringcyber.rankiteo.com/company/california-department-of-public-health
"id": "cal184124422",
"linkid": "california-department-of-public-health",
"type": "Breach",
"date": "11/2021",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Citizens of California',
'industry': 'Healthcare',
'location': 'California',
'name': 'California Department of Public Health',
'type': 'Government Agency'}],
'attack_vector': 'Misconfigured Database',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['names',
'dates of birth',
'addresses',
'Covid-19-related health '
'information']},
'description': 'The sensitive medical information of citizens of California '
'was exposed by a misconfigured database managed by the '
'California Department of Public Health. The misconfiguration '
'resulted from an error made by a third-party contractor and '
'led to the breach of names, dates of birth, addresses, and '
'Covid-19-related health information of the citizens. The '
'department set up a dedicated call center to help out the '
'people of California affected by the breach.',
'impact': {'data_compromised': ['names',
'dates of birth',
'addresses',
'Covid-19-related health information']},
'post_incident_analysis': {'root_causes': 'Misconfiguration by a third-party '
'contractor'},
'response': {'recovery_measures': 'Dedicated call center set up to help '
'affected individuals'},
'title': 'California Department of Public Health Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Error by a third-party contractor'}