cyber Breach

Molina Healthcare

May 11, 2023 1 min read
Molina Healthcare

MolinaHealthcare.com suffered from a data breach incident that exposed every other patient's data to anyone logged into the site.

In this attack a single hyperlink to a patient record would allow an attacker to enumerate and download all other claims.

The exposed data includes names, addresses and dates of birth, as well as potentially sensitive information that may point to specific diseases, such as medical procedure codes and any prescribed medications.

They took their ePortal temporarily offline to perform additional testing of their system security.

Source: https://www.scmagazine.com/news/content/molinahealthcare-com-patient-records-left-exposed

TPRM report: https://scoringcyber.rankiteo.com/company/molina-healthcare

"id": "mol181123922",
"linkid": "molina-healthcare",
"type": "Breach",
"date": "05/2017",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'name': 'MolinaHealthcare.com',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Exploitation of a hyperlink vulnerability',
 'data_breach': {'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Dates of birth'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Medical Information']},
 'description': 'MolinaHealthcare.com suffered from a data breach incident '
                "that exposed every other patient's data to anyone logged into "
                'the site. In this attack, a single hyperlink to a patient '
                'record would allow an attacker to enumerate and download all '
                'other claims. The exposed data includes names, addresses, and '
                'dates of birth, as well as potentially sensitive information '
                'that may point to specific diseases, such as medical '
                'procedure codes and any prescribed medications. They took '
                'their ePortal temporarily offline to perform additional '
                'testing of their system security.',
 'impact': {'data_compromised': ['Names',
                                 'Addresses',
                                 'Dates of birth',
                                 'Medical procedure codes',
                                 'Prescribed medications'],
            'downtime': 'Temporary',
            'systems_affected': ['ePortal']},
 'response': {'containment_measures': 'Taking ePortal temporarily offline',
              'remediation_measures': 'Additional testing of system security'},
 'title': 'MolinaHealthcare.com Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Hyperlink vulnerability allowing enumeration and '
                            'download of patient records'}
Published by
Roshni Ray
Roshni Ray
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.