An unauthorized third party had gained access to folders on the Oklahoma State University Center for Health Sciences computer network.
Folders stored Medicaid patient billing information.
Immediate action was taken to remove the folders from the computer network and terminated the third-party access.
The folders included patients’ names, Medicaid numbers, healthcare provider names, dates of service, and limited treatment information.
These folders did not contain medical records.
A single social security number was contained on the server.
TPRM report: https://scoringcyber.rankiteo.com/company/oklahoma-state-university-medical-center
"id": "okl215018522",
"linkid": "oklahoma-state-university-medical-center",
"type": "Breach",
"date": "11/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
'location': 'Oklahoma, USA',
'name': 'Oklahoma State University Center for Health '
'Sciences',
'type': 'Educational Institution'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'personally_identifiable_information': ['Patients’ names',
'Medicaid numbers',
'Single social '
'security number'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Patient billing information',
'Single social security number']},
'description': 'An unauthorized third party gained access to folders on the '
'Oklahoma State University Center for Health Sciences computer '
'network. The folders contained Medicaid patient billing '
'information, including patients’ names, Medicaid numbers, '
'healthcare provider names, dates of service, and limited '
'treatment information. A single social security number was '
'also contained on the server.',
'impact': {'data_compromised': ['Patients’ names',
'Medicaid numbers',
'Healthcare provider names',
'Dates of service',
'Limited treatment information',
'Single social security number'],
'systems_affected': 'Computer network'},
'response': {'containment_measures': 'Removed the folders from the computer '
'network and terminated the third-party '
'access'},
'threat_actor': 'Unauthorized Third Party',
'title': 'Unauthorized Access to Medicaid Patient Billing Information',
'type': 'Data Breach'}