MolinaHealthcare.com suffered from a data breach incident that exposed every other patient's data to anyone logged into the site.
In this attack a single hyperlink to a patient record would allow an attacker to enumerate and download all other claims.
The exposed data includes names, addresses and dates of birth, as well as potentially sensitive information that may point to specific diseases, such as medical procedure codes and any prescribed medications.
They took their ePortal temporarily offline to perform additional testing of their system security.
Source: https://www.scmagazine.com/news/content/molinahealthcare-com-patient-records-left-exposed
TPRM report: https://scoringcyber.rankiteo.com/company/molina-healthcare
"id": "mol181123922",
"linkid": "molina-healthcare",
"type": "Breach",
"date": "05/2017",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
'name': 'MolinaHealthcare.com',
'type': 'Healthcare Provider'}],
'attack_vector': 'Exploitation of a hyperlink vulnerability',
'data_breach': {'personally_identifiable_information': ['Names',
'Addresses',
'Dates of birth'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Medical Information']},
'description': 'MolinaHealthcare.com suffered from a data breach incident '
"that exposed every other patient's data to anyone logged into "
'the site. In this attack, a single hyperlink to a patient '
'record would allow an attacker to enumerate and download all '
'other claims. The exposed data includes names, addresses, and '
'dates of birth, as well as potentially sensitive information '
'that may point to specific diseases, such as medical '
'procedure codes and any prescribed medications. They took '
'their ePortal temporarily offline to perform additional '
'testing of their system security.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Dates of birth',
'Medical procedure codes',
'Prescribed medications'],
'downtime': 'Temporary',
'systems_affected': ['ePortal']},
'response': {'containment_measures': 'Taking ePortal temporarily offline',
'remediation_measures': 'Additional testing of system security'},
'title': 'MolinaHealthcare.com Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Hyperlink vulnerability allowing enumeration and '
'download of patient records'}