HealthFirst Family Care Center

The Vermont Office of the Attorney General disclosed a data breach at HealthFirst Family Care Center (HFFCC) on July 16, 2024. The incident involved unauthorized access to an employee’s email account between April 26, 2024, and April 29, 2024, potentially exposing sensitive personal information of affected individuals. Compromised data may include names, Social Security numbers, and email addresses, though the exact number of impacted individuals remains unknown. The breach stems from a targeted intrusion into the employee’s account, raising concerns over the security of protected health information (PHI) and the risk of identity theft or fraud. While the full scope of the exposure is still under investigation, the incident underscores vulnerabilities in email security protocols and the broader implications for patient privacy within healthcare systems. No immediate evidence suggests the data was misused, but the breach necessitates heightened monitoring and mitigation efforts to prevent further exploitation.

Source: https://ago.vermont.gov/document/2024-07-16-healthfirst-family-care-center-data-breach-notice-consumers

TPRM report: https://www.rankiteo.com/company/healthfirst-family-care-center-inc.

"id": "hea155082025",
"linkid": "healthfirst-family-care-center-inc.",
"type": "Breach",
"date": "4/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': 'Unknown',
                        'industry': 'Healthcare',
                        'location': 'Vermont, USA',
                        'name': 'HealthFirst Family Care Center (HFFCC)',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Compromised Email Account',
 'data_breach': {'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'Numbers',
                                                         'Email Addresses'],
                 'sensitivity_of_data': 'High (includes SSNs)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_publicly_disclosed': '2024-07-16',
 'description': 'The Vermont Office of the Attorney General reported a data '
                'breach involving HealthFirst Family Care Center (HFFCC) on '
                'July 16, 2024. The breach involved unauthorized access to an '
                'employee’s email account between April 26, 2024, and April '
                '29, 2024, potentially exposing personal information such as '
                'names, Social Security numbers, and email addresses, although '
                'the number of individuals affected is unknown.',
 'impact': {'data_compromised': ['Names',
                                 'Social Security Numbers',
                                 'Email Addresses'],
            'identity_theft_risk': 'Potential (due to exposed PII)',
            'systems_affected': ['Employee Email Account']},
 'initial_access_broker': {'entry_point': 'Employee Email Account'},
 'references': [{'date_accessed': '2024-07-16',
                 'source': 'Vermont Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
                                                        'Attorney General']},
 'response': {'communication_strategy': 'Public disclosure via Vermont Office '
                                        'of the Attorney General'},
 'title': 'HealthFirst Family Care Center (HFFCC) Data Breach via Employee '
          'Email Account',
 'type': 'Data Breach'}