CorrectCare Integrated Health, a medical claims processor for correctional facilities in Kentucky, experienced a significant cybersecurity breach. The incident, which went undetected from January 22, 2022, to July 7, 2022, led to unauthorized Internet access to two file directories due to a web server misconfiguration. This data breach impacted approximately 600,000 individuals and the disclosure delay until November 2022 resulted in a class action lawsuit that was settled for $6.49 million. Over 100,000 claims were filed, highlighting the extensive nature of the breach and its repercussions.
"id": "cor000100224",
"linkid": "correctcare-integrated-health",
"type": "Vulnerability",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"