Health Quest's employees fell victim to phishing attacks in July 2018 which resulted in the breach of the protected health information of its customers.
The breached information included patient names, health insurance claims information, diagnoses, treatments, dates of service, provider names, and other information related to medical services that were contained in the impacted employee email accounts and their attachments.
Health Quest Affiliates investigated the incident and notified the affected patients.
Source: https://healthitsecurity.com/news/health-quest-reports-phishing-attack-related-breach-from-2018
TPRM report: https://scoringcyber.rankiteo.com/company/health-quest
"id": "hea224291022",
"linkid": "health-quest",
"type": "Breach",
"date": "07/2018",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
'name': 'Health Quest',
'type': 'Healthcare Provider'}],
'attack_vector': 'Phishing',
'customer_advisories': 'Notified affected patients',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['protected health information',
'patient names',
'health insurance claims '
'information',
'diagnoses',
'treatments',
'dates of service',
'provider names',
'other information related to '
'medical services']},
'date_detected': '2018-07-01',
'description': "Health Quest's employees fell victim to phishing attacks in "
'July 2018 which resulted in the breach of the protected '
'health information of its customers. The breached information '
'included patient names, health insurance claims information, '
'diagnoses, treatments, dates of service, provider names, and '
'other information related to medical services that were '
'contained in the impacted employee email accounts and their '
'attachments. Health Quest Affiliates investigated the '
'incident and notified the affected patients.',
'impact': {'data_compromised': ['patient names',
'health insurance claims information',
'diagnoses',
'treatments',
'dates of service',
'provider names',
'other information related to medical '
'services']},
'initial_access_broker': {'entry_point': 'Phishing'},
'investigation_status': 'Completed',
'post_incident_analysis': {'root_causes': 'Phishing attacks on employees'},
'response': {'communication_strategy': 'Notified affected patients'},
'title': 'Health Quest Phishing Incident',
'type': 'Data Breach',
'vulnerability_exploited': 'Human'}