Breach cyber

Health Plan of San Mateo

Jan 17, 2023 1 min read
Health Plan of San Mateo

On March 17, 2023, the California Office of the Attorney General reported that the Health Plan of San Mateo (HPSM) experienced an email phishing incident on January 17, 2023, potentially involving the personal information of members. The breach involved unauthorized access to an employee email account, through which a spreadsheet containing member information, including names and member identification numbers, was present. However, there is no evidence that the unauthorized person viewed this information or that it will be misused.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-564499

TPRM report: https://www.rankiteo.com/company/healthplanofsanmateo

"id": "hea716080425",
"linkid": "healthplanofsanmateo",
"type": "Breach",
"date": "1/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'San Mateo, California',
                        'name': 'Health Plan of San Mateo',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Phishing',
 'data_breach': {'file_types_exposed': ['Spreadsheet'],
                 'personally_identifiable_information': ['Names',
                                                         'Member '
                                                         'Identification '
                                                         'Numbers'],
                 'type_of_data_compromised': ['Names',
                                              'Member Identification Numbers']},
 'date_detected': '2023-01-17',
 'date_publicly_disclosed': '2023-03-17',
 'description': 'On March 17, 2023, the California Office of the Attorney '
                'General reported that the Health Plan of San Mateo (HPSM) '
                'experienced an email phishing incident on January 17, 2023, '
                'potentially involving the personal information of members. '
                'The breach involved unauthorized access to an employee email '
                'account, through which a spreadsheet containing member '
                'information, including names and member identification '
                'numbers, was present. However, there is no evidence that the '
                'unauthorized person viewed this information or that it will '
                'be misused.',
 'impact': {'data_compromised': ['Names', 'Member Identification Numbers']},
 'initial_access_broker': {'entry_point': 'Email Account'},
 'references': [{'date_accessed': '2023-03-17',
                 'source': 'California Office of the Attorney General'}],
 'title': 'Email Phishing Incident at Health Plan of San Mateo',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Email Account'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.