Novant Health suffered a data breach that disclosed sensitive data, including email addresses, phone numbers, financial information - even doctor's appointment details of about 1.3 million patients.
Novant Health informed some of its patients following possible disclosure of protected health information (PHI) resulting from an incorrect configuration of a pixel, an online tracking tool.
The leaked data also potentially included computer IP addresses, emergency contact information, advanced care planning contacts, appointment types and dates, patients' physicians, and various information types into text boxes or selected from drop-down menus and buttons via its patient portal.
Source: https://www.theregister.com/2022/08/22/novant_meta_data/
TPRM report: https://scoringcyber.rankiteo.com/company/novanthealth
"id": "nov13241022",
"linkid": "novanthealth",
"type": "Breach",
"date": "08/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"{'affected_entities': [{'customers_affected': '1.3 million patients',
'industry': 'Healthcare',
'name': 'Novant Health',
'size': 'Large',
'type': 'Healthcare Provider'}],
'attack_vector': 'Incorrect configuration of a pixel (online tracking tool)',
'data_breach': {'number_of_records_exposed': '1.3 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Email addresses',
'Phone numbers',
'Financial information',
"Doctor's appointment details",
'Computer IP addresses',
'Emergency contact information',
'Advanced care planning contacts',
'Appointment types and dates',
"Patients' physicians",
'Various information types into '
'text boxes or selected from '
'drop-down menus and buttons']},
'description': 'Novant Health suffered a data breach that disclosed sensitive '
'data, including email addresses, phone numbers, financial '
"information - even doctor's appointment details of about 1.3 "
'million patients. The leaked data also potentially included '
'computer IP addresses, emergency contact information, '
'advanced care planning contacts, appointment types and dates, '
"patients' physicians, and various information types into text "
'boxes or selected from drop-down menus and buttons via its '
'patient portal.',
'impact': {'data_compromised': ['Email addresses',
'Phone numbers',
'Financial information',
"Doctor's appointment details",
'Computer IP addresses',
'Emergency contact information',
'Advanced care planning contacts',
'Appointment types and dates',
"Patients' physicians",
'Various information types into text boxes or '
'selected from drop-down menus and buttons'],
'systems_affected': 'Patient portal'},
'post_incident_analysis': {'root_causes': 'Incorrect configuration of a '
'pixel'},
'title': 'Novant Health Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Incorrect configuration'}