NEW HAVEN HEALTH DEPARTMENT

At the City of New Haven, terminated employees accessed other people’s private personal information from a government computer they took home.

A New Haven computer contained the protected health information (PHI) of 498 individuals.

The compromised information included patient names, addresses, dates of birth, race/ethnicity, gender, and sexually transmitted disease test results.

OCR investigated the incident and determined that New Haven failed to conduct an enterprise-wide risk analysis and failed to implement termination procedures, access controls such as unique user identification, and HIPAA Privacy Rule policies and procedures.

Source: https://www.databreaches.net/new-haven-health-department-failed-to-terminate-former-employees-access-to-protected-health-information/

TPRM report: https://scoringcyber.rankiteo.com/company/new-haven-health-department

"id": "new203622",
"linkid": "new-haven-health-department",
"type": "Data Leak",
"date": "08/2016",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Government',
                        'location': 'New Haven',
                        'name': 'City of New Haven',
                        'type': 'Government'}],
 'attack_vector': 'Insider Threat',
 'data_breach': {'number_of_records_exposed': '498',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Protected health information '
                                             '(PHI)'},
 'description': 'Terminated employees accessed private personal information '
                'from a government computer they took home.',
 'impact': {'data_compromised': ['Patient names',
                                 'Addresses',
                                 'Dates of birth',
                                 'Race/ethnicity',
                                 'Gender',
                                 'Sexually transmitted disease test results']},
 'lessons_learned': 'Importance of conducting enterprise-wide risk analysis, '
                    'implementing proper termination procedures, access '
                    'controls, and HIPAA Privacy Rule policies and procedures.',
 'motivation': 'Unauthorized access to personal information',
 'post_incident_analysis': {'root_causes': 'Lack of enterprise-wide risk '
                                           'analysis, termination procedures, '
                                           'and access controls.'},
 'regulatory_compliance': {'regulations_violated': 'HIPAA'},
 'threat_actor': 'Terminated employees',
 'title': 'Data Breach at City of New Haven',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Lack of access controls and termination '
                            'procedures'}