The California Office of the Attorney General disclosed a data breach affecting **Work Health Solutions**, occurring between **February 16, 2022, and March 24, 2022**. The incident involved **unauthorized access to an email account**, potentially exposing **personally identifiable information (PII) and/or protected health information (PHI)** of an unspecified number of individuals. The breach was formally reported on **November 9, 2022**, nearly eight months after the initial compromise. While the exact scale of the breach remains undisclosed, the exposure of **sensitive health and personal data** poses significant risks, including identity theft, financial fraud, or misuse of medical records. The delayed detection and reporting further amplify concerns regarding the organization’s cybersecurity posture and incident response capabilities. The compromised email account likely served as a vector for exfiltrating confidential data, though the attack’s full scope—such as whether the data was actively stolen or merely accessed—has not been detailed. As a healthcare-adjacent entity, the breach underscores vulnerabilities in handling **protected health information**, potentially violating regulatory frameworks like **HIPAA**. The incident highlights the critical need for robust email security, multi-factor authentication, and timely breach notifications to mitigate harm to affected individuals.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-559087
TPRM report: https://www.rankiteo.com/company/mobile-med-work-health-solutions
"id": "mob040091825",
"linkid": "mobile-med-work-health-solutions",
"type": "Breach",
"date": "2/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unspecified',
'industry': 'Healthcare',
'location': 'California, USA',
'name': 'Work Health Solutions',
'type': 'Organization'}],
'attack_vector': 'Unauthorized Access (Email Account Compromise)',
'data_breach': {'data_exfiltration': 'Potential',
'number_of_records_exposed': 'Unspecified',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2022-11-09',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Work Health Solutions, which occurred '
'between February 16, 2022, and March 24, 2022. The breach '
'involved unauthorized access to an email account and may have '
'compromised identifiable personal and/or protected health '
'information of an unspecified number of individuals.',
'impact': {'data_compromised': ['Personal Identifiable Information (PII)',
'Protected Health Information (PHI)'],
'identity_theft_risk': 'Potential',
'systems_affected': ['Email Account']},
'initial_access_broker': {'entry_point': 'Email Account'},
'references': [{'date_accessed': '2022-11-09',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA (Health '
'Insurance Portability and '
'Accountability Act)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Work Health Solutions Data Breach (2022)',
'type': 'Data Breach'}