Breach cyber

HMSA

May 16, 2022 1 min read
HMSA

Hawai‘i Medical Service Association suffered a data breach incident in 2016 which exposed the personal information of 10,800 members.

The privacy breach was caused because of an error made with the mailing of care management letters to members.

The emails that were sent to incorrect individuals included information about members' specific health condition, Social Security numbers, or other sensitive personal information.

HMSA immediately responded to the incident and asked the receiving party to delete the emails and notified the impacted persons of the breach.

Source: https://www.hipaajournal.com/hawaii-medical-service-association-privacy-breach-8293/

TPRM report: https://www.rankiteo.com/company/hmsa

"id": "hms11617522",
"linkid": "hmsa",
"type": "Breach",
"date": "6/2016",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 10800,
                        'industry': 'Healthcare',
                        'location': 'Hawaii',
                        'name': 'Hawai‘i Medical Service Association',
                        'type': 'Healthcare'}],
 'attack_vector': 'Email',
 'data_breach': {'number_of_records_exposed': 10800,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Specific health conditions',
                                              'Social Security numbers',
                                              'Other sensitive personal '
                                              'information']},
 'description': 'Hawai‘i Medical Service Association suffered a data breach '
                'incident in 2016 which exposed the personal information of '
                '10,800 members. The privacy breach was caused because of an '
                'error made with the mailing of care management letters to '
                'members. The emails that were sent to incorrect individuals '
                "included information about members' specific health "
                'condition, Social Security numbers, or other sensitive '
                'personal information. HMSA immediately responded to the '
                'incident and asked the receiving party to delete the emails '
                'and notified the impacted persons of the breach.',
 'impact': {'data_compromised': ['Specific health conditions',
                                 'Social Security numbers',
                                 'Other sensitive personal information']},
 'post_incident_analysis': {'root_causes': 'Incorrect mailing of care '
                                           'management letters'},
 'response': {'containment_measures': 'Asked the receiving party to delete the '
                                      'emails',
              'remediation_measures': 'Notified the impacted persons of the '
                                      'breach'},
 'title': 'HMSA Data Breach Incident',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Incorrect mailing of care management letters'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.