On July 10, 2017, CBS Consolidated, Inc. experienced a data breach reported by the California Office of the Attorney General on September 5, 2017. The incident involved an unrecognized account gaining unauthorized access to personal information of patients, including names, addresses, and insurance details. The exact number of affected individuals remains undisclosed, raising concerns about the scale of exposure. The breach highlights vulnerabilities in the company’s security measures, particularly in safeguarding sensitive patient data. While the full extent of the damage—such as potential misuse of the stolen information—is unclear, the incident underscores risks to privacy, financial security, and trust in healthcare-related entities. No evidence suggests ransomware or broader systemic disruption, but the compromise of personally identifiable information (PII) poses significant reputational and compliance risks for the organization.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-101593
TPRM report: https://www.rankiteo.com/company/consolidated-billing-services
"id": "con041090625",
"linkid": "consolidated-billing-services",
"type": "Breach",
"date": "7/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Healthcare (likely, given patient data '
'exposure)',
'location': 'California, USA',
'name': 'CBS Consolidated, Inc.',
'type': 'Organization'}],
'data_breach': {'data_exfiltration': 'Likely (unrecognized account accessed '
'data)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['names', 'addresses'],
'sensitivity_of_data': 'High (includes insurance information)',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2017-07-10',
'date_publicly_disclosed': '2017-09-05',
'description': 'The California Office of the Attorney General reported a data '
'breach involving CBS Consolidated, Inc. on September 5, 2017. '
'The breach occurred on July 10, 2017, when an unrecognized '
'account accessed personal information, including names, '
'addresses, and insurance information, of patients. The number '
'of affected individuals is currently unknown.',
'impact': {'data_compromised': ['names', 'addresses', 'insurance information'],
'identity_theft_risk': 'Potential (PII exposed)'},
'initial_access_broker': {'entry_point': 'Unrecognized account (potential '
'credential compromise or insider '
'threat)',
'high_value_targets': ['Patient data']},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potentially HIPAA (if '
'healthcare provider)',
'California Data Breach '
'Notification Law'],
'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Data Breach at CBS Consolidated, Inc.',
'type': 'Data Breach'}