The email accounts of two employees of Perry County Memorial Hospital were breached by unauthorized individuals.
The personal patient information was acquired by the hackers through breached accounts.
The data involved dates of birth, diagnoses/diagnostic codes, internal patient account numbers, medical provider names, and other health data of the customers.
TPRM report: https://scoringcyber.rankiteo.com/company/perrycountymemorialhospital
"id": "per22528222",
"linkid": "perrycountymemorialhospital",
"type": "Breach",
"date": "08/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Perry County Memorial Hospital',
'type': 'Healthcare Provider'}],
'attack_vector': 'Email Account Breach',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Dates of Birth',
'Diagnoses/Diagnostic Codes',
'Internal Patient Account '
'Numbers',
'Medical Provider Names',
'Other Health Data']},
'description': 'The email accounts of two employees of Perry County Memorial '
'Hospital were breached by unauthorized individuals. The '
'personal patient information was acquired by the hackers '
'through breached accounts. The data involved dates of birth, '
'diagnoses/diagnostic codes, internal patient account numbers, '
'medical provider names, and other health data of the '
'customers.',
'impact': {'data_compromised': ['Dates of Birth',
'Diagnoses/Diagnostic Codes',
'Internal Patient Account Numbers',
'Medical Provider Names',
'Other Health Data']},
'initial_access_broker': {'entry_point': 'Email Accounts'},
'motivation': 'Data Theft',
'title': 'Perry County Memorial Hospital Email Account Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Unauthorized Access to Email Accounts'}