Avem Health Partners suffered a data breach due to unauthorized access at their third-party vendor, 365 Data Centers, exposing sensitive information of 271,303 individuals. The breach, discovered on October 6, 2022, compromised driver’s license numbers and personal health details, raising significant risks of identity theft and fraud. While notification letters were sent to two affected Maine residents on December 13, 2022, the scale of the incident suggests broader implications for customer trust and regulatory compliance. The company offered identity theft protection services as a remedial measure, but the exposure of highly sensitive health and identification data underscores severe reputational and operational risks. The breach originated from a third-party vendor, highlighting vulnerabilities in supply chain cybersecurity and the potential for cascading legal and financial consequences.
TPRM report: https://www.rankiteo.com/company/first-physicians-capital-group-inc-fpcg-
"id": "fir339091725",
"linkid": "first-physicians-capital-group-inc-fpcg-",
"type": "Breach",
"date": "5/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 271303,
'industry': 'Healthcare',
'name': 'Avem Health Partners',
'type': 'Healthcare Provider'},
{'industry': 'Data Hosting/Cloud Services',
'name': '365 Data Centers',
'type': 'Third-Party Vendor'}],
'customer_advisories': 'Notification letters mailed to affected individuals '
'(December 13, 2022)',
'data_breach': {'data_exfiltration': 'Likely (unauthorized access reported)',
'number_of_records_exposed': 271303,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII and PHI)',
'type_of_data_compromised': ['Driver’s license numbers',
'Personal health details']},
'date_detected': '2022-10-06',
'date_publicly_disclosed': '2022-12-13',
'description': 'The Maine Office of the Attorney General reported that Avem '
'Health Partners experienced a data breach due to unauthorized '
'access at their third-party vendor, 365 Data Centers, '
'affecting 271,303 individuals. The incident was discovered on '
'October 6, 2022. Compromised data included driver’s license '
'numbers and personal health details. Notification letters '
'were mailed to two affected Maine residents on December 13, '
'2022, and identity theft protection services were offered.',
'impact': {'brand_reputation_impact': 'Potential (due to sensitive data '
'exposure)',
'data_compromised': ['Driver’s license numbers',
'Personal health details'],
'identity_theft_risk': 'High (identity theft protection services '
'offered)'},
'investigation_status': 'Discovered (October 6, 2022); Notifications sent '
'(December 13, 2022)',
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General '
'notified'},
'response': {'communication_strategy': 'Notification letters mailed to '
'affected Maine residents (December '
'13, 2022)',
'incident_response_plan_activated': 'Likely (notification and '
'remediation steps taken)',
'remediation_measures': 'Identity theft protection services '
'offered to affected individuals'},
'title': 'Avem Health Partners Data Breach via Third-Party Vendor (365 Data '
'Centers)',
'type': 'Data Breach (Third-Party Vendor Compromise)'}