The California Office of the Attorney General disclosed that Sutter Senior Care suffered a data breach on May 28, 2023, linked to its third-party vendor, Cognisight, LLC. The incident stemmed from the global exploitation of a widely targeted vulnerability in the MOVEit file transfer tool. The breach exposed protected health information (PHI), including names, Social Security numbers, and health records of affected individuals. While the exact number of impacted individuals remains undisclosed, the compromised data suggests a severe risk of identity theft, financial fraud, and unauthorized access to sensitive medical details. The breach was formally reported on July 22, 2023, indicating a delayed public disclosure. Given the nature of the exposed data, particularly health information and Social Security numbers, the incident poses long-term reputational, financial, and regulatory risks for Sutter Senior Care, with potential legal repercussions under HIPAA and other data protection laws.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-570696
TPRM report: https://www.rankiteo.com/company/cognisight-llc_2
"id": "cog1017090725",
"linkid": "cognisight-llc_2",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{
    'affected_entities': [
        {
            'customers_affected': 'Unknown',
            'industry': 'Healthcare',
            'location': 'California, USA',
            'name': 'Sutter Senior Care',
            'type': 'Healthcare Provider'
        },
        {
            'industry': 'Technology/Healthcare Services',
            'name': 'Cognisight, LLC',
            'type': 'Vendor'
        }
    ],
    'attack_vector': 'Exploitation of MOVEit file transfer tool vulnerability',
    'data_breach': {
        'data_exfiltration': 'Likely (due to exploit nature)',
        'number_of_records_exposed': 'Unknown',
        'personally_identifiable_information': ['names', 'social security numbers'],
        'sensitivity_of_data': 'High',
        'type_of_data_compromised': [
            'Protected Health Information (PHI)',
            'Personally Identifiable Information (PII)'
        ]
    },
    'date_detected': '2023-05-28',
    'date_publicly_disclosed': '2023-07-22',
    'description': 'The California Office of the Attorney General reported that Sutter Senior Care experienced a data breach on May 28, 2023, involving the vendor Cognisight, LLC, due to a global exploit of the MOVEit file transfer tool. The breach potentially affected protected health information, including names, social security numbers, and health information of individuals; the specific number of affected individuals is unknown.',
    'impact': {
        'data_compromised': ['names', 'social security numbers', 'health information'],
        'identity_theft_risk': 'High (PII and PHI exposed)',
        'systems_affected': ['MOVEit file transfer tool']
    },
    'initial_access_broker': {
        'entry_point': 'MOVEit file transfer tool vulnerability',
        'high_value_targets': ['Protected Health Information (PHI)']
    },
    'investigation_status': 'Reported; details pending',
    'post_incident_analysis': {
        'root_causes': 'Exploitation of unpatched vulnerability in MOVEit file transfer tool'
    },
    'references': [{'source': 'California Office of the Attorney General'}],
    'regulatory_compliance': {
        'regulations_violated': ['HIPAA (likely)', 'California Consumer Privacy Act (CCPA)'],
        'regulatory_notifications': ['California Office of the Attorney General']
    },
    'response': {
        'communication_strategy': 'Reported to California Office of the Attorney General'
    },
    'title': 'Sutter Senior Care Data Breach via MOVEit Exploit',
    'type': 'Data Breach',
    'vulnerability_exploited': 'MOVEit file transfer tool (global exploit)'
}