Ivinson Memorial Hospital suffered from a breach incident after an unauthorized person had changed the code on its web server, with the changes intended to gather patient billing and health-related information while it was being entered into online patient web forms.
Patients who made a payment online or filled out a patient intake form between January 14 and December 20, 2016, were impacted.
They investigated the incident and took preventive steps to stop such incidents in the future.
Source: https://www.databreaches.net/ivinson-memorial-hospital-notifies-patients-of-fasthealth-breach/
TPRM report: https://scoringcyber.rankiteo.com/company/ivinson-memorial-hospital
"id": "ivi99291022",
"linkid": "ivinson-memorial-hospital",
"type": "Breach",
"date": "07/2016",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 'Patients who made a payment '
'online or filled out a patient '
'intake form between January 14 '
'and December 20, 2016',
'industry': 'Healthcare',
'name': 'Ivinson Memorial Hospital',
'type': 'Hospital'}],
'attack_vector': 'Web Application',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Patient billing information',
'Health-related information']},
'description': 'Ivinson Memorial Hospital suffered from a breach incident '
'after an unauthorized person had changed the code on its web '
'server, with the changes intended to gather patient billing '
'and health-related information while it was being entered '
'into online patient web forms.',
'impact': {'data_compromised': 'Patient billing and health-related '
'information',
'systems_affected': 'Web server'},
'motivation': 'Data Theft',
'response': {'remediation_measures': 'Preventive steps to stop such incidents '
'in the future'},
'threat_actor': 'Unauthorized Person',
'title': 'Ivinson Memorial Hospital Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Code Injection'}