Choice Health Insurance

Choice Health Insurance suffered a data breach incident caused by human error.

The compromised data including 600MB of data with 2,141,006 files described as Agents, Commission, Contacts, Policies was also offered for the sale on a popular hacking forum.

The insurance provider notified that due to a technical security configuration issue caused by a third-party service provider, one or its database was accessible through the Internet.

The compromised and published information included first and last name, Social Security number; Medicare beneficiary identification number; date of birth; address and contact information; and health insurance information.

Source: https://www.databreaches.net/choice-health-insurance-notifying-people-after-vendor-error-resulted-in-data-breach/

TPRM report: https://scoringcyber.rankiteo.com/company/choice-health-insurance

"id": "cho1188722",
"linkid": "choice-health-insurance",
"type": "Breach",
"date": "06/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Health Insurance',
                        'name': 'Choice Health Insurance',
                        'type': 'Insurance Provider'}],
 'attack_vector': 'Human Error',
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['Agents',
                                        'Commission',
                                        'Contacts',
                                        'Policies'],
                 'number_of_records_exposed': '2,141,006',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information',
                                              'Health Insurance Information']},
 'description': 'Choice Health Insurance suffered a data breach incident '
                'caused by human error. The compromised data including 600MB '
                'of data with 2,141,006 files described as Agents, Commission, '
                'Contacts, Policies was also offered for the sale on a popular '
                'hacking forum. The insurance provider notified that due to a '
                'technical security configuration issue caused by a '
                'third-party service provider, one of its databases was '
                'accessible through the Internet. The compromised and '
                'published information included first and last name, Social '
                'Security number; Medicare beneficiary identification number; '
                'date of birth; address and contact information; and health '
                'insurance information.',
 'impact': {'data_compromised': ['first and last name',
                                 'Social Security number',
                                 'Medicare beneficiary identification number',
                                 'date of birth',
                                 'address and contact information',
                                 'health insurance information']},
 'initial_access_broker': {'data_sold_on_dark_web': True},
 'post_incident_analysis': {'root_causes': 'Human Error, Technical Security '
                                           'Configuration Issue'},
 'title': 'Choice Health Insurance Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Technical Security Configuration Issue'}