East Bay Perinatal Medical Associates

On June 1, 2015, East Bay Perinatal Medical Associates experienced a data breach when an employee’s personal laptop, containing a patient list, was discovered during a police investigation. The exposed data included patient names and dates of birth, but there was no evidence of fraudulent use or compromise of sensitive information such as Social Security numbers, financial details, or medical records. The breach was reported by the California Office of the Attorney General on July 29, 2015. While the incident involved unauthorized exposure of personal data, the lack of malicious exploitation or theft of highly sensitive information limited the overall severity of the impact. The breach was attributed to an internal employee’s device, highlighting vulnerabilities in data handling practices but without broader systemic consequences or financial harm to affected individuals.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-57193

TPRM report: https://www.rankiteo.com/company/east-bay-perinatal-associates

"id": "eas818082025",
"linkid": "east-bay-perinatal-associates",
"type": "Breach",
"date": "6/2015",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'California, USA',
                        'name': 'East Bay Perinatal Medical Associates',
                        'type': 'Healthcare Provider'}],
 'attack_vector': "Lost/Stolen Device (Employee's Personal Laptop)",
 'data_breach': {'file_types_exposed': ['Patient List'],
                 'personally_identifiable_information': ['Names',
                                                         'Dates of Birth'],
                 'sensitivity_of_data': 'Low (No SSNs, financial, or medical '
                                        'data exposed)',
                 'type_of_data_compromised': ['Patient Names',
                                              'Dates of Birth']},
 'date_detected': '2015-06-01',
 'date_publicly_disclosed': '2015-07-29',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving East Bay Perinatal Medical Associates on '
                'July 29, 2015. The breach occurred on June 1, 2015, when an '
                "employee's personal laptop containing a patient list was "
                'identified during a police investigation, though no evidence '
                'of fraudulent use was found. The information exposed included '
                'names and dates of birth, but not Social Security numbers or '
                'sensitive financial and medical information.',
 'impact': {'data_compromised': ['Names', 'Dates of Birth'],
            'identity_theft_risk': 'Low (No SSNs or sensitive '
                                   'financial/medical data exposed)',
            'systems_affected': ["Employee's Personal Laptop"]},
 'investigation_status': 'Closed (No evidence of fraudulent use found)',
 'post_incident_analysis': {'root_causes': ["Employee's personal laptop "
                                            'containing unsecured patient '
                                            'data']},
 'references': [{'date_accessed': '2015-07-29',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['Potential HIPAA (Health '
                                                    'Insurance Portability and '
                                                    'Accountability Act)'],
                           'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'response': {'law_enforcement_notified': True},
 'title': 'East Bay Perinatal Medical Associates Data Breach (2015)',
 'type': 'Data Breach'}