On July 28, 2016, Dominican Hospital, a healthcare facility under the jurisdiction of the California Office of the Attorney General, suffered a data breach involving the unauthorized transmission of a Microsoft Excel workbook via secured email. The file was sent to a local health plan but inadvertently included patient information for individuals not affiliated with the plan. The exposed data comprised sensitive details such as names, account numbers, and medical records, though Social Security numbers were not compromised. The breach raised concerns over patient privacy violations and potential misuse of medical data, which could lead to identity theft, targeted phishing, or fraudulent medical claims. While the exact number of affected individuals remains undisclosed (marked as 'UNKN'), the incident underscored vulnerabilities in data-sharing protocols between healthcare providers and third-party entities. The exposure of medical information a highly regulated and sensitive data category poses long-term risks, including reputational damage to the hospital and erosion of patient trust. Regulatory scrutiny under HIPAA (Health Insurance Portability and Accountability Act) likely followed, given the nature of the compromised data.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-63491
TPRM report: https://www.rankiteo.com/company/dignity-health
"id": "dig014091825",
"linkid": "dignity-health",
"type": "Breach",
"date": "7/2016",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'UNKN',
'industry': 'Healthcare',
'location': 'California, USA',
'name': 'Dominican Hospital',
'type': 'Healthcare Provider'}],
'attack_vector': 'Human Error (Improper Data Transmission)',
'data_breach': {'data_encryption': 'Yes (secured email)',
'data_exfiltration': 'Yes (transmitted via email)',
'file_types_exposed': ['Microsoft Excel workbook'],
'number_of_records_exposed': 'UNKN',
'personally_identifiable_information': ['names',
'account numbers'],
'sensitivity_of_data': 'Moderate (no SSNs, but medical and '
'account data)',
'type_of_data_compromised': ['names',
'account numbers',
'medical information']},
'date_detected': '2016-07-28',
'description': 'The California Office of the Attorney General reported that '
'Dominican Hospital experienced a data breach on July 28, '
'2016, affecting patient information. The incident involved '
'the transmission of a Microsoft Excel workbook via secured '
'email to a local health plan, potentially including '
'information for patients not associated with the health plan. '
'The breach affected an unknown number of individuals, with '
'the compromised data consisting of names, account numbers, '
'and medical information, but excluded social security '
'numbers.',
'impact': {'data_compromised': ['names',
'account numbers',
'medical information'],
'identity_theft_risk': 'Low (no SSNs compromised)'},
'post_incident_analysis': {'root_causes': ['Human error in data transmission '
'(emailing Excel workbook to '
'unauthorized recipient)']},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA violation '
'(unauthorized disclosure '
'of PHI)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Dominican Hospital Data Breach (2016)',
'type': 'Data Breach'}