The D.C.-based Children’s National Medical Center suffered a data security incident after employees fell for phishing emails that affected 18,000 patients.
The compromised information included names, dates of birth, medication, and physicians’ notes regarding diagnosis and treatment.
They informed the health system about the issue, the transcription company, Ascend, was contacted and asked to re-secure the site and remove the transcription documents from the Ascend server.
TPRM report: https://scoringcyber.rankiteo.com/company/children's-national-medical-center
"id": "chi215523522",
"linkid": "children's-national-medical-center",
"type": "Breach",
"date": "05/2016",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '18,000 patients',
'industry': 'Healthcare',
'location': 'D.C.',
'name': 'Children’s National Medical Center',
'type': 'Healthcare'}],
'attack_vector': 'Phishing Emails',
'data_breach': {'number_of_records_exposed': '18,000',
'personally_identifiable_information': ['names',
'dates of birth'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['names',
'dates of birth',
'medication',
'physicians’ notes regarding '
'diagnosis and treatment']},
'description': 'The D.C.-based Children’s National Medical Center suffered a '
'data security incident after employees fell for phishing '
'emails that affected 18,000 patients.',
'impact': {'data_compromised': ['names',
'dates of birth',
'medication',
'physicians’ notes regarding diagnosis and '
'treatment']},
'response': {'containment_measures': ['Re-secured the site',
'Removed the transcription documents '
'from the Ascend server'],
'third_party_assistance': ['Ascend']},
'title': 'Data Security Incident at Children’s National Medical Center',
'type': 'Phishing',
'vulnerability_exploited': 'Human Error'}