The California Office of the Attorney General disclosed a data breach affecting Steven Yang, D.D.S. on January 26, 2018. The incident occurred on January 6, 2018, when two laptops containing sensitive patient information—including names, addresses, Social Security numbers, and health insurance details—were stolen during a burglary. The breach exposed highly confidential personal and financial data, posing significant risks of identity theft, financial fraud, and unauthorized access to medical records. While the theft was physical, the compromise of digital records containing protected health information (PHI) and personally identifiable information (PII) classifies this as a severe data breach with long-term repercussions for affected individuals. The incident underscores vulnerabilities in securing portable devices holding sensitive data, particularly in healthcare settings where regulatory compliance (e.g., HIPAA) is critical. No immediate evidence suggested the data was misused, but the exposure alone warrants high-severity classification due to the nature of the stolen information.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-133152
TPRM report: https://www.rankiteo.com/company/great-expressions-dental-centers
"id": "gre223091825",
"linkid": "great-expressions-dental-centers",
"type": "Breach",
"date": "1/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'California, USA',
'name': 'Steven Yang, D.D.S.',
'type': 'Dental Practice'}],
'attack_vector': 'Physical Theft (Burglary)',
'data_breach': {'data_exfiltration': 'Yes (via physical theft of laptops)',
'personally_identifiable_information': ['Names',
'Addresses',
'Social Security '
'Numbers',
'Health Insurance '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2018-01-06',
'date_publicly_disclosed': '2018-01-26',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Steven Yang, D.D.S. on January 26, 2018. The '
'breach occurred on January 6, 2018, when two laptops '
'containing patient information, including names, addresses, '
'social security numbers, and health insurance numbers, were '
'stolen during a burglary.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Social Security Numbers',
'Health Insurance Numbers'],
'identity_theft_risk': 'High (PII and SSNs exposed)',
'systems_affected': ['2 Laptops']},
'initial_access_broker': {'entry_point': 'Physical Theft (Burglary)',
'high_value_targets': ['Patient PII/PHI']},
'post_incident_analysis': {'root_causes': ['Inadequate physical security for '
'devices containing sensitive data',
'Lack of encryption (if '
'applicable)']},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['California Data Breach '
'Notification Law (likely)',
'HIPAA (potential, if PHI '
'was unsecured)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'law_enforcement_notified': 'Yes (Reported to California Office '
'of the Attorney General)'},
'title': 'Data Breach at Steven Yang, D.D.S. Due to Stolen Laptops',
'type': 'Data Breach (Physical Theft)',
'vulnerability_exploited': 'Lack of Physical Security for Devices Containing '
'Sensitive Data'}