The Vermont Office of the Attorney General disclosed on April 30, 2024, that Continuum Health suffered a data breach between October 18–19, 2023, involving unauthorized access to sensitive personal information. The compromised data included individuals' names, Social Security numbers, dates of birth, health insurance details, medical records, and phone numbers. While the exact number of affected individuals remains undisclosed, the exposure of such highly sensitive information particularly health and financial data poses severe risks, including identity theft, medical fraud, and financial exploitation. The breach underscores a critical failure in safeguarding protected health information (PHI), which is governed by strict regulatory frameworks like HIPAA in the U.S. The lack of clarity on the scope of the breach (e.g., whether the attack was targeted or opportunistic) further complicates risk assessment. Given the nature of the exposed data, affected individuals face long-term vulnerabilities, while Continuum Health may confront legal repercussions, reputational damage, and loss of patient trust. The incident highlights the growing threat landscape for healthcare providers, where cybercriminals increasingly target high-value medical data for monetary gain or malicious use.
Source: https://ago.vermont.gov/document/2024-04-30-continuum-health-alliance-data-breach-notice-consumers
TPRM report: https://www.rankiteo.com/company/continuum-health-care
"id": "con741082025",
"linkid": "continuum-health-care",
"type": "Breach",
"date": "10/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Healthcare',
'location': 'Vermont, USA (assumed based on reporting '
'authority)',
'name': 'Continuum Health',
'type': 'Healthcare Provider'}],
'data_breach': {'data_exfiltration': 'Likely (unauthorized access confirmed)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Dates of birth',
'Phone numbers'],
'sensitivity_of_data': 'High (includes SSNs, medical, and '
'insurance data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2024-04-30',
'description': 'The Vermont Office of the Attorney General reported that '
'Continuum Health experienced a data breach involving '
'unauthorized access to personal information between October '
'18 and October 19, 2023. The breach potentially affected '
"individuals' names, Social Security numbers, dates of birth, "
'health insurance information, medical information, and phone '
'numbers, though the number of individuals affected is '
'currently unknown.',
'impact': {'data_compromised': ['Names',
'Social Security numbers',
'Dates of birth',
'Health insurance information',
'Medical information',
'Phone numbers'],
'identity_theft_risk': 'High (PII and sensitive health data '
'exposed)'},
'investigation_status': 'Ongoing (number of affected individuals unknown)',
'references': [{'date_accessed': '2024-04-30',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA violation '
'(health data exposure)',
'State data breach '
'notification laws (e.g., '
'Vermont’s Security Breach '
'Notice Act)'],
'regulatory_notifications': 'Vermont Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Vermont Office '
'of the Attorney General'},
'title': 'Continuum Health Data Breach (2023)',
'type': 'Data Breach'}