Franciscan Health

Franciscan Health

Franciscan Health confirmed that one employee in the quality research for Franciscan Health accessed protected health information (PHI) of approximately 2,200 patients without a business reason.

At this time, there is no evidence that the employee downloaded, disclosed, or transmitted any of these information accessed and the individual is no longer employed by Franciscan Health.

The affected records include information that was created or received by your healthcare providers in the course of providing treatment, including medical records from other facilities incorporated into the electronic medical record at Franciscan Health.

For a small subset of individuals, the records also contained the patient’s social security number.

Source: https://www.databreaches.net/in-franciscan-health-provides-notice-of-privacy-breach/

TPRM report: https://scoringcyber.rankiteo.com/company/franciscan-health

"id": "fra214826323",
"linkid": "franciscan-health",
"type": "Data Leak",
"date": "05/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 2200,
                        'industry': 'Healthcare',
                        'name': 'Franciscan Health',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Unauthorized Access',
 'data_breach': {'number_of_records_exposed': 2200,
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Medical Records',
                                              'Social Security Numbers']},
 'description': 'An employee in the quality research department at Franciscan '
                'Health accessed protected health information (PHI) of '
                'approximately 2,200 patients without authorization. The '
                'affected records include medical information and, for a small '
                'subset of individuals, social security numbers. There is no '
                'evidence that the information was downloaded, disclosed, or '
                'transmitted, and the employee is no longer with the '
                'organization.',
 'impact': {'data_compromised': 'PHI including medical records and social '
                                'security numbers for a subset of individuals'},
 'threat_actor': 'Internal Employee',
 'title': 'Unauthorized Access to Patient Information at Franciscan Health',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Internal Access'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.