The California Office of the Attorney General disclosed a data breach affecting Indian Health Council, Inc. on November 20, 2020, with the incident occurring on September 22, 2020. The breach involved the unauthorized exposure of protected health information (PHI), including sensitive details such as names, birthdates, health records, and health insurance data. The exact number of impacted individuals remains undetermined, but the compromised data poses significant risks, including potential identity theft, financial fraud, or misuse of medical information.Given the nature of the exposed data personal and health-related records the breach could lead to severe consequences for affected individuals, including reputational harm to the organization and regulatory scrutiny under HIPAA (Health Insurance Portability and Accountability Act). The incident underscores vulnerabilities in safeguarding highly sensitive patient data, raising concerns about the organization’s cybersecurity posture and its ability to prevent future breaches. The lack of clarity on the number of victims further complicates risk assessment and mitigation efforts.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-196391
TPRM report: https://www.rankiteo.com/company/indian-health-council-inc
"id": "ind546091725",
"linkid": "indian-health-council-inc",
"type": "Breach",
"date": "9/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Healthcare',
'location': 'California, USA',
'name': 'Indian Health Council, Inc.',
'type': 'Non-profit Organization'}],
'data_breach': {'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['names', 'birthdates'],
'sensitivity_of_data': 'High (PHI)',
'type_of_data_compromised': ['Protected Health Information '
'(PHI)']},
'date_detected': '2020-09-22',
'date_publicly_disclosed': '2020-11-20',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Indian Health Council, Inc. on November 20, '
'2020. The breach occurred on September 22, 2020, potentially '
'exposing protected health information (PHI) such as names, '
'birthdates, health information, and health insurance '
'information; the number of individuals affected is currently '
'unknown.',
'impact': {'data_compromised': ['names',
'birthdates',
'health information',
'health insurance information'],
'identity_theft_risk': 'Potential (PHI exposed)'},
'references': [{'date_accessed': '2020-11-20',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA violation '
'(PHI exposure)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Data Breach at Indian Health Council, Inc.',
'type': 'Data Breach'}