The California Office of the Attorney General reported that Emanate Health experienced a data breach involving a third-party vendor, PaperlessPay Corporation, on July 29, 2020. The breach was discovered on February 19, 2020, when an unauthorized individual accessed PaperlessPay's SQL server on February 18, 2020, potentially exposing employee information including names, addresses, and Social Security numbers.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-192529
TPRM report: https://www.rankiteo.com/company/emanatehealth
"id": "ema518072725",
"linkid": "emanatehealth",
"type": "Breach",
"date": "2/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'California',
'name': 'Emanate Health',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Addresses',
'Social Security numbers']},
'date_detected': '2020-02-19',
'date_publicly_disclosed': '2020-07-29',
'description': 'The California Office of the Attorney General reported that '
'Emanate Health experienced a data breach involving a '
'third-party vendor, PaperlessPay Corporation, on July 29, '
'2020. The breach was discovered on February 19, 2020, when an '
"unauthorized individual accessed PaperlessPay's SQL server on "
'February 18, 2020, potentially exposing employee information '
'including names, addresses, and Social Security numbers.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Social Security numbers'],
'systems_affected': ['SQL Server']},
'initial_access_broker': {'entry_point': 'SQL Server'},
'references': [{'source': 'California Office of the Attorney General'}],
'threat_actor': 'Unauthorized Individual',
'title': 'Emanate Health Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'SQL Server'}