Forefront reports that they had identified an intrusion into their system that exposed 4,431 patients data they took their system offline to prevent further spread or damage.
Subsequent investigation revealed that there had been unauthorized access to some of its patient files and employee files.
The patient files that were accessed may have included patient names, addresses, dates of birth, patient account numbers, health insurance plan member ID numbers, medical record numbers, dates of service, accession numbers, provider names, and/or medical and clinical treatment information.
There were no evidence that patient Social Security numbers, driver’s license numbers, or financial account / payment card information were involved in this incident.
TPRM report: https://scoringcyber.rankiteo.com/company/forefront-dermatology
"id": "for1358223",
"linkid": "forefront-dermatology",
"type": "Data Leak",
"date": "07/2021",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 4431,
'industry': 'Healthcare',
'name': 'Forefront',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'number_of_records_exposed': 4431,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['patient names',
'addresses',
'dates of birth',
'patient account numbers',
'health insurance plan member ID '
'numbers',
'medical record numbers',
'dates of service',
'accession numbers',
'provider names',
'medical and clinical treatment '
'information']},
'description': 'Forefront reports that they had identified an intrusion into '
"their system that exposed 4,431 patients' data. They took "
'their system offline to prevent further spread or damage. '
'Subsequent investigation revealed that there had been '
'unauthorized access to some of its patient files and employee '
'files. The patient files that were accessed may have included '
'patient names, addresses, dates of birth, patient account '
'numbers, health insurance plan member ID numbers, medical '
'record numbers, dates of service, accession numbers, provider '
'names, and/or medical and clinical treatment information. '
'There were no evidence that patient Social Security numbers, '
'driver’s license numbers, or financial account / payment card '
'information were involved in this incident.',
'impact': {'data_compromised': ['patient names',
'addresses',
'dates of birth',
'patient account numbers',
'health insurance plan member ID numbers',
'medical record numbers',
'dates of service',
'accession numbers',
'provider names',
'medical and clinical treatment information']},
'response': {'containment_measures': ['System taken offline']},
'title': 'Data Breach at Forefront',
'type': 'Data Breach'}