The Central California Alliance for Health (the Alliance) experienced a data security incident.
An unknown, unauthorized third party accessed three employees’ email accounts to obtain the credentials of several individuals during a brief period on May 7, 2020.
It resulted in the unintentional disclosure of member health information.
There was no evidence that member information was accessed or misused.
Source: https://www.govtech.com/security/california-health-care-plan-warns-of-data-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/central-california-alliance-for-health
"id": "cen205513123",
"linkid": "central-california-alliance-for-health",
"type": "Data Leak",
"date": "05/2020",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
'location': 'Central California',
'name': 'Central California Alliance for Health',
'type': 'Healthcare Provider'}],
'attack_vector': 'Email Account Compromise',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Member Health Information'},
'date_detected': '2020-05-07',
'description': 'The Central California Alliance for Health (the Alliance) '
'experienced a data security incident where an unknown, '
'unauthorized third party accessed three employees’ email '
'accounts to obtain the credentials of several individuals '
'during a brief period on May 7, 2020. It resulted in the '
'unintentional disclosure of member health information.',
'impact': {'data_compromised': ['Member Health Information'],
'systems_affected': ['Email Accounts']},
'initial_access_broker': {'entry_point': 'Email Accounts'},
'post_incident_analysis': {'root_causes': 'Weak or Stolen Credentials'},
'threat_actor': 'Unknown, Unauthorized Third Party',
'title': 'Central California Alliance for Health Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Weak or Stolen Credentials'}