Concord Hospital through its routine auditing, detected that an employee had improperly accessed 40 patients’ records, 13 of which had Social Security Numbers in the files.
The individuals were mostly relatives, friends, and acquaintances. The hospital discovered the breach on May 11 and notified those whose records were improperly accessed.
TPRM report: https://scoringcyber.rankiteo.com/company/concord-hospital
"id": "con232621123",
"linkid": "concord-hospital",
"type": "Breach",
"date": "07/2011",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': [40],
'industry': 'Healthcare',
'location': 'Concord, NH',
'name': 'Concord Hospital',
'type': 'Healthcare'}],
'attack_vector': 'Internal Employee Access',
'data_breach': {'number_of_records_exposed': 40,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Patient Records',
'Social Security Numbers']},
'date_detected': '2023-05-11',
'description': 'Concord Hospital detected that an employee had improperly '
'accessed 40 patients’ records, 13 of which had Social '
'Security Numbers in the files. The individuals were mostly '
'relatives, friends, and acquaintances. The hospital '
'discovered the breach on May 11 and notified those whose '
'records were improperly accessed.',
'impact': {'data_compromised': ['Patient Records', 'Social Security Numbers']},
'motivation': 'Unknown',
'references': [{'source': 'Concord Hospital'}],
'response': {'communication_strategy': 'Notified affected individuals'},
'threat_actor': 'Employee',
'title': 'Improper Access to Patient Records at Concord Hospital',
'type': 'Data Breach',
'vulnerability_exploited': 'Improper Access Controls'}