The Vermont Office of the Attorney General disclosed a data breach affecting OsteoRemedies, LLC, reported on May 9, 2023. The incident stemmed from a phishing attack that granted unauthorized access to employee email accounts between June 20, 2022, and August 18, 2022. The breach exposed sensitive personal information, including names and Social Security numbers (SSNs) of individuals linked to the compromised accounts. While the exact number of affected individuals was not specified, the exposure of SSNs poses significant risks, such as identity theft, financial fraud, or targeted scams. The breach was attributed to a failure in email security protocols, highlighting vulnerabilities in the company’s defenses against social engineering tactics. OsteoRemedies likely faced regulatory scrutiny and was required to notify impacted parties, offering credit monitoring or identity protection services as mitigation. The incident underscores the persistent threat of phishing as a gateway for broader data compromise, particularly when employee credentials are exploited.
Source: https://ago.vermont.gov/document/2023-05-09-osteoremedies-data-breach-notice-consumers
TPRM report: https://www.rankiteo.com/company/osteoremedies
{
  "id": "ost025090625",
  "linkid": "osteoremedies",
  "type": "Breach",
  "date": "6/2022",
  "severity": "60",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'industry': 'Healthcare/Medical Devices',
                        'name': 'OsteoRemedies, LLC',
                        'type': 'Private Company'}],
 'attack_vector': 'Phishing',
 'data_breach': {'data_exfiltration': 'Potential (unauthorized access to '
                                      'emails)',
                 'file_types_exposed': ['Emails', 'Attachments (potential)'],
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High (includes SSNs)',
                 'type_of_data_compromised': ['Personal Information (PII)']},
 'date_publicly_disclosed': '2023-05-09',
 'description': 'The Vermont Office of the Attorney General reported a data '
                'breach involving OsteoRemedies, LLC. The breach involved '
                'unauthorized access to employee email accounts due to a '
                'phishing incident occurring between June 20, 2022, and August '
                '18, 2022, potentially compromising personal information, '
                'including names and Social Security numbers.',
 'impact': {'data_compromised': ['Names', 'Social Security Numbers'],
            'identity_theft_risk': 'High (PII exposed)',
            'systems_affected': ['Employee Email Accounts']},
 'initial_access_broker': {'entry_point': 'Phishing Email',
                           'high_value_targets': ['Employee Email Accounts'],
                           'reconnaissance_period': '2022-06-20 to 2022-08-18'},
 'post_incident_analysis': {'root_causes': ['Successful phishing attack '
                                            'leading to email account '
                                            'compromise']},
 'references': [{'date_accessed': '2023-05-09',
                 'source': 'Vermont Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Vermont Attorney '
                                                        'General']},
 'response': {'communication_strategy': 'Public disclosure via Vermont '
                                        'Attorney General'},
 'title': 'OsteoRemedies, LLC Data Breach via Phishing Attack',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Human (Employee Email Compromise)'}