The Grimaldi Center for Wellness and Aesthetics experienced a data breach in March 2020, reported by the California Office of the Attorney General on April 16, 2020. The incident involved a former employee who unauthorizedly accessed medical records, potentially exposing highly sensitive patient information. Compromised data included names, dates of birth, Social Security numbers, and other confidential details, though the exact number of affected individuals remains undisclosed. The breach stemmed from insider misuse, highlighting vulnerabilities in access controls and post-employment data protection measures. Given the nature of the exposed data—personally identifiable information (PII) and protected health information (PHI)—the incident poses significant risks of identity theft, financial fraud, and reputational harm to the affected patients. The lack of clarity on the scope of the breach further exacerbates concerns, as victims may remain unaware of their exposure. Regulatory scrutiny under HIPAA (Health Insurance Portability and Accountability Act) and potential legal repercussions for the center are likely, given the severity of the data involved.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-189210
TPRM report: https://www.rankiteo.com/company/grimaldicenterforwellnessandaesthetics
"id": "gri733082025",
"linkid": "grimaldicenterforwellnessandaesthetics",
"type": "Breach",
"date": "2/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Healthcare / Wellness',
'location': 'California, USA',
'name': 'Grimaldi Center for Wellness and Aesthetics',
'type': 'Healthcare Provider'}],
'attack_vector': 'Insider Threat (Former Employee)',
'data_breach': {'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['Names',
'Dates of birth',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High (Medical and PII)',
'type_of_data_compromised': ['Medical records',
'Personally Identifiable '
'Information (PII)']},
'date_detected': '2020-03-11',
'date_publicly_disclosed': '2020-04-16',
'description': 'A former employee of Grimaldi Center for Wellness and '
'Aesthetics accessed medical records without authorization, '
'potentially exposing patient names, dates of birth, Social '
'Security numbers, and other sensitive information. The breach '
'was discovered on March 11, 2020, and reported by the '
'California Office of the Attorney General on April 16, 2020. '
'The number of affected individuals is unknown.',
'impact': {'data_compromised': ['Patient names',
'Dates of birth',
'Social Security numbers',
'Other sensitive medical information'],
'identity_theft_risk': 'High (PII exposed)'},
'initial_access_broker': {'high_value_targets': 'Patient medical records'},
'post_incident_analysis': {'root_causes': 'Lack of access controls for former '
'employees'},
'references': [{'date_accessed': '2020-04-16',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA violation '
'(if applicable)',
'California Data Breach '
'Notification Law'],
'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Reported to California Office of the '
'Attorney General'},
'threat_actor': 'Former Employee',
'title': 'Unauthorized Access to Medical Records at Grimaldi Center for '
'Wellness and Aesthetics',
'type': 'Data Breach (Unauthorized Access)'}