Confluence Health discloses patient data breach after employee email account hacked.
Compromised information included some patient information including name and treatment but no financial information was believed to be at risk.
An unauthorized person may have gained access to an employee’s email account on March 30 and May 28, 2018.
Source: https://www.databreaches.net/confluence-health-discloses-patient-data-breach/
TPRM report: https://scoringcyber.rankiteo.com/company/confluence-health
"id": "con027101122",
"linkid": "confluence-health",
"type": "Data Leak",
"date": "07/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Confluence Health',
'type': 'Healthcare Provider'}],
'attack_vector': 'Email Account Hack',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Patient Information'},
'date_detected': ['2018-03-30', '2018-05-28'],
'description': 'Confluence Health discloses patient data breach after '
'employee email account hacked. Compromised information '
'included some patient information including name and '
'treatment but no financial information was believed to be at '
'risk. An unauthorized person may have gained access to an '
'employee’s email account on March 30 and May 28, 2018.',
'impact': {'data_compromised': 'Patient Information (Name, Treatment)',
'payment_information_risk': 'No',
'systems_affected': 'Email Account'},
'initial_access_broker': {'entry_point': 'Email Account'},
'post_incident_analysis': {'root_causes': 'Compromised Email Account'},
'threat_actor': 'Unauthorized Person',
'title': 'Confluence Health Patient Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Compromised Email Account'}