cyber Breach

OrthoNebraska

Jul 14, 2022 1 min read
OrthoNebraska

An unauthorized party gained access to an employee’s email account of OrthoNebraska Hospital, based in Omaha, and breached certain sensitive patient information.

The leaked information included patients’ first and last names, genders, home addresses, phone numbers, dates of birth, driver’s license numbers, state identification card numbers, usernames and passwords, Social Security numbers, medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider names, medical account numbers, and insurance information.

The investigation revealed that the spam messages were sent from the company's email address, which lead to the data security breach.

Source: https://www.jdsupra.com/legalnews/orthonebraska-hospital-reports-leaked-2426111/

TPRM report: https://scoringcyber.rankiteo.com/company/ortho-nebraska

"id": "ort14812722",
"linkid": "ortho-nebraska",
"type": "Breach",
"date": "12/2021",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Omaha',
                        'name': 'OrthoNebraska Hospital',
                        'type': 'Hospital'}],
 'attack_vector': 'Email',
 'data_breach': {'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'description': 'An unauthorized party gained access to an employee’s email '
                'account of OrthoNebraska Hospital, based in Omaha, and '
                'breached certain sensitive patient information.',
 'impact': {'data_compromised': ['first and last names',
                                 'genders',
                                 'home addresses',
                                 'phone numbers',
                                 'dates of birth',
                                 'driver’s license numbers',
                                 'state identification card numbers',
                                 'usernames and passwords',
                                 'Social Security numbers',
                                 'medical history/diagnosis/treatment',
                                 'dates of service',
                                 'lab test results',
                                 'prescription information',
                                 'provider names',
                                 'medical account numbers',
                                 'insurance information'],
            'systems_affected': ['Email System']},
 'initial_access_broker': {'entry_point': 'Email'},
 'post_incident_analysis': {'root_causes': 'Spam messages sent from the '
                                           "company's email address"},
 'title': 'OrthoNebraska Hospital Email Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Email Account Compromise'}
Published by
Harshit Kaur Bhatia
Harshit Kaur Bhatia
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.