US HealthCenter, Inc.

On April 13, 2020, US HealthCenter, Inc. experienced a data breach involving unauthorized access to a dedicated email inbox associated with Cost Plus World Market’s Wellness Program. The incident, reported by the California Office of the Attorney General on July 16, 2020, exposed protected health information (PHI) of individuals enrolled in the program. The compromised data may have included sensitive personal and medical details, though the exact scope of the exposed information was not fully disclosed. The breach stemmed from an unauthorized third-party gaining access to the email account, potentially allowing them to view, copy, or exfiltrate PHI. While the company likely took remedial actions such as securing the affected account, notifying impacted individuals, and offering credit monitoring or identity protection services the incident highlights vulnerabilities in email security protocols, particularly for accounts handling sensitive health data. The exposure of PHI poses risks such as identity theft, medical fraud, or targeted phishing attacks against affected individuals. Regulatory scrutiny under HIPAA (Health Insurance Portability and Accountability Act) may also apply, given the nature of the compromised data. The breach underscores the critical need for robust access controls, multi-factor authentication (MFA), and continuous monitoring of systems handling protected health information.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-192087

TPRM report: https://www.rankiteo.com/company/predictimed

"id": "pre020090625",
"linkid": "predictimed",
"type": "Breach",
"date": "4/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'United States (California)',
                        'name': 'US HealthCenter, Inc.',
                        'type': 'Healthcare Provider'},
                       {'industry': 'Retail',
                        'location': 'United States',
                        'name': 'Cost Plus World Market',
                        'type': 'Retailer'}],
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Protected Health Information '
                                             '(PHI)'},
 'date_detected': '2020-04-13',
 'date_publicly_disclosed': '2020-07-16',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving US HealthCenter, Inc. on July 16, 2020. The '
                'breach occurred on April 13, 2020, involving unauthorized '
                'access to a dedicated email inbox related to the Cost Plus '
                'World Market’s Wellness Program, potentially exposing '
                'protected health information (PHI).',
 'impact': {'data_compromised': ['Protected Health Information (PHI)'],
            'systems_affected': ['Dedicated email inbox related to Cost Plus '
                                 'World Market’s Wellness Program']},
 'references': [{'date_accessed': '2020-07-16',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['Potential HIPAA (Health '
                                                    'Insurance Portability and '
                                                    'Accountability Act) '
                                                    'violations'],
                           'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'Data Breach at US HealthCenter, Inc. Involving Protected Health '
          'Information (PHI)',
 'type': 'Data Breach'}