The California Office of the Attorney General disclosed a data breach at PIH Health in January 2020, stemming from a targeted phishing campaign between June 11–19, 2019. Unauthorized actors gained access to employee email accounts, compromising sensitive data of 159,879 California residents. Exposed information included names, Social Security numbers, driver’s license numbers, medical records, health insurance details, and online account credentials—posing severe risks of identity theft, financial fraud, and privacy violations. The breach originated from human error (falling for phishing scams), highlighting vulnerabilities in employee cybersecurity awareness and email security protocols. While no ransomware was involved, the scale and sensitivity of the leaked data—particularly medical and financial records—elevate the incident’s gravity, directly impacting both internal employees (whose credentials were exploited) and customers/patients (whose personal and health data was exposed). The breach underscores systemic weaknesses in safeguarding high-value targets like healthcare providers, where data integrity is critical for trust and regulatory compliance.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-185839
TPRM report: https://www.rankiteo.com/company/pih-health
"id": "pih1018090725",
"linkid": "pih-health",
"type": "Breach",
"date": "6/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '159,879',
'industry': 'Healthcare',
'location': 'California, USA',
'name': 'PIH Health',
'type': 'Healthcare Provider'}],
'attack_vector': 'Phishing (Email)',
'data_breach': {'data_exfiltration': 'Likely (Unauthorized Access to Email '
'Accounts)',
'number_of_records_exposed': '159,879',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (Includes SSN, Medical, and '
'Financial Data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
'Authentication Credentials']},
'date_detected': '2019-06-19',
'date_publicly_disclosed': '2020-01-10',
'description': 'The California Office of the Attorney General reported a data '
'breach incident involving PIH Health on January 10, 2020. The '
'breach occurred between June 11, 2019, and June 19, 2019, '
'resulting from unauthorized access to employee email accounts '
'due to a targeted email phishing campaign, affecting '
'approximately 159,879 California residents. The exposed '
'information may include names, Social Security numbers, '
"driver's license numbers, medical information, health "
'insurance information, and online account credentials.',
'impact': {'brand_reputation_impact': 'Potential Reputation Damage (Data '
'Breach Disclosure)',
'data_compromised': ['Names',
'Social Security Numbers',
"Driver's License Numbers",
'Medical Information',
'Health Insurance Information',
'Online Account Credentials'],
'identity_theft_risk': 'High (PII and Sensitive Data Exposed)',
'systems_affected': ['Employee Email Accounts']},
'initial_access_broker': {'entry_point': 'Employee Email Accounts (Phishing)',
'high_value_targets': ['Employee Credentials',
'PII/PHI Data']},
'post_incident_analysis': {'root_causes': 'Successful Phishing Attack Leading '
'to Unauthorized Email Access'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['California Consumer '
'Privacy Act (CCPA)',
'Health Insurance '
'Portability and '
'Accountability Act '
'(HIPAA)'],
'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Public Disclosure via California '
'Office of the Attorney General'},
'title': 'PIH Health Data Breach via Phishing Campaign',
'type': 'Data Breach',
'vulnerability_exploited': 'Human (Employee Susceptibility to Phishing)'}