The California Office of the Attorney General disclosed a data breach affecting Desert Physicians Management on June 22, 2023, stemming from an incident detected on April 23, 2023. The breach involved unusual activity on their computer systems, leading to the potential exposure of sensitive patient data, including names, addresses, dates of birth, and health information. While the compromised data did not include Social Security numbers or financial details, the exposure of protected health information (PHI) poses significant privacy and compliance risks under regulations like HIPAA. The breach highlights vulnerabilities in the organization’s cybersecurity defenses, particularly in detecting and mitigating unauthorized access to patient records. Although no financial or identity theft-related data (e.g., SSNs) was exposed, the leak of personal and medical details could still enable targeted phishing, medical identity fraud, or reputational harm for affected individuals. The incident underscores the critical need for healthcare providers to enforce robust monitoring, encryption, and access controls to safeguard patient confidentiality. As a healthcare entity, the breach may also trigger regulatory scrutiny, potential fines, and mandatory notifications to impacted patients, further amplifying operational and financial repercussions.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-568345
TPRM report: https://www.rankiteo.com/company/epic-management-lp
"id": "epi948091725",
"linkid": "epic-management-lp",
"type": "Breach",
"date": "4/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'California, USA',
'name': 'Desert Physicians Management',
'type': 'Healthcare Provider'}],
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'Moderate (PII but no SSNs or '
'financial data)',
'type_of_data_compromised': ['patient names',
'addresses',
'dates of birth',
'health information']},
'date_detected': '2023-04-23',
'date_publicly_disclosed': '2023-06-22',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Desert Physicians Management on June 22, '
'2023. The breach occurred on April 23, 2023, when unusual '
'activity on their computer systems was identified, involving '
'potential exposure of patient names, addresses, dates of '
'birth, and health information, but not Social Security '
'numbers or financial information.',
'impact': {'data_compromised': ['patient names',
'addresses',
'dates of birth',
'health information'],
'identity_theft_risk': 'Low (no SSNs or financial info exposed)',
'payment_information_risk': 'None'},
'references': [{'date_accessed': '2023-06-22',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA (Health '
'Insurance Portability and '
'Accountability Act)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Data Breach at Desert Physicians Management',
'type': 'Data Breach'}