A building leased by STAT Informatics Solutions, LLC (“STAT”) in Lebanon, Tennessee was struck down due to a tornado on March 3, 2020.
It led to potentially inappropriate disclosure of personal information.
STAT is based in Waupaca, Wisconsin, and provides various secure record services to healthcare entities.
Poplar Bluff Regional Medical Center contracts with STAT to scan paper documents into the hospital’s electronic medical record system and for secure destruction of records.
The records stored in the building damaged by the tornado contained medical records, which included personal information such as a patient’s full name, social security number, address, date of birth, medical record number, account number, images, diagnoses, nursing and physician documentation, test results, medications, and/or other types of information typically found in a medical record.
STAT notified Poplar Bluff Regional Medical Center on March 3, 2020, of this incident.
In an effort to prevent unauthorized access and disclosure of records involved, a tall fence was erected around the property and two security guards were posted 24 hours a day, seven days a week.
TPRM report: https://scoringcyber.rankiteo.com/company/pbrmc
"id": "pop1844291222",
"linkid": "pbrmc",
"type": "Data Leak",
"date": "03/2020",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Poplar Bluff',
'name': 'Poplar Bluff Regional Medical Center',
'type': 'Healthcare Entity'}],
'attack_vector': 'Physical Damage',
'data_breach': {'personally_identifiable_information': ['full name',
'social security '
'number',
'address',
'date of birth',
'medical record '
'number',
'account number',
'images',
'diagnoses',
'nursing and '
'physician '
'documentation',
'test results',
'medications'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['medical records',
'personal information']},
'date_detected': '2020-03-03',
'description': 'A building leased by STAT Informatics Solutions, LLC (“STAT”) '
'in Lebanon, Tennessee was struck down due to a tornado on '
'March 3, 2020. It led to potentially inappropriate disclosure '
'of personal information.',
'impact': {'data_compromised': ['medical records',
'personal information such as a patient’s '
'full name, social security number, address, '
'date of birth, medical record number, '
'account number, images, diagnoses, nursing '
'and physician documentation, test results, '
'medications']},
'post_incident_analysis': {'root_causes': 'Tornado Damage'},
'response': {'containment_measures': ['A tall fence was erected around the '
'property',
'Two security guards were posted 24 '
'hours a day, seven days a week']},
'threat_actor': 'Natural Disaster',
'title': 'Tornado Damage Leads to Potential Disclosure of Medical Records',
'type': 'Natural Disaster'}