The breach was announced by InterMed P.A., a healthcare organization in Southern Maine, and it showed that hackers had earlier this fall gained access to one of its employee's email accounts.
Patients' names, birthdates, health insurance details, and clinical data are among the information that has been made public.
Only a small number of patient Social Security numbers, according to the organization, were disclosed.
It was discovered that three additional staff email accounts were compromised between September 7 and October 10 after hiring a digital forensics company.
Source: https://www.digitalguardian.com/blog/breaches-two-maine-healthcare-providers-exposes-data-52000
TPRM report: https://scoringcyber.rankiteo.com/company/intermed-pa
"id": "int41123423",
"linkid": "intermed-pa",
"type": "Breach",
"date": "11/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
'location': 'Southern Maine',
'name': 'InterMed P.A.',
'type': 'Healthcare Organization'}],
'attack_vector': 'Email Compromise',
'data_breach': {'personally_identifiable_information': ['Patient names',
'Birthdates',
'Social Security '
'numbers'],
'type_of_data_compromised': ['Patient names',
'Birthdates',
'Health insurance details',
'Clinical data',
'Social Security numbers']},
'description': "Hackers gained access to one of InterMed P.A.'s employee's "
'email accounts, exposing patient information including names, '
'birthdates, health insurance details, and clinical data. A '
'small number of patient Social Security numbers were also '
'disclosed. Three additional staff email accounts were '
'compromised between September 7 and October 10.',
'impact': {'data_compromised': ['Patient names',
'Birthdates',
'Health insurance details',
'Clinical data',
'Social Security numbers'],
'systems_affected': ['Employee email accounts']},
'response': {'third_party_assistance': ['Digital forensics company']},
'title': 'InterMed P.A. Email Account Breach',
'type': 'Data Breach'}