Inova Health System, a prominent healthcare provider, experienced a data breach reported by the California Office of the Attorney General on **September 15, 2020**. The incident stemmed from an **attempted ransomware attack** on **May 20, 2020**, with intermittent data exposure occurring between **February 7, 2020, and May 20, 2020**. The breach compromised **personal information** of individuals, including **names, addresses, dates of birth, and philanthropic giving history**. While the exact number of affected individuals remains undisclosed, the exposure of such sensitive data poses significant risks, including potential identity theft, financial fraud, or targeted phishing attacks. As a healthcare entity, Inova’s breach underscores vulnerabilities in safeguarding patient and donor data, raising concerns about compliance with **HIPAA** and other data protection regulations. The incident highlights the growing threat of ransomware in the healthcare sector, where disruptions can have life-threatening consequences beyond data loss.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-194048
TPRM report: https://www.rankiteo.com/company/inova-health-system
"id": "ino010091825",
"linkid": "inova-health-system",
"type": "Ransomware",
"date": "2/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'unknown',
'industry': 'healthcare',
'location': 'California, USA',
'name': 'Inova Health System',
'type': 'healthcare provider'}],
'data_breach': {'data_exfiltration': 'potential',
'number_of_records_exposed': 'unknown',
'personally_identifiable_information': ['names',
'addresses',
'dates of birth'],
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['personal information']},
'date_detected': '2020-05-20',
'date_publicly_disclosed': '2020-09-15',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Inova Health System on September 15, 2020. '
'The breach involved an attempted ransomware attack that '
'occurred on May 20, 2020, and data exposure occurred '
'intermittently between February 7, 2020, and May 20, 2020, '
'potentially affecting personal information such as names, '
'addresses, dates of birth, and philanthropic giving history.',
'impact': {'data_compromised': ['names',
'addresses',
'dates of birth',
'philanthropic giving history'],
'identity_theft_risk': 'potential'},
'initial_access_broker': {'reconnaissance_period': '2020-02-07 to 2020-05-20 '
'(intermittent)'},
'ransomware': {'data_exfiltration': 'potential'},
'references': [{'date_accessed': '2020-09-15',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Inova Health System Data Breach and Ransomware Attempt',
'type': ['data breach', 'ransomware attempt']}