Presbyterian Healthcare Services

Presbyterian Healthcare Services reported a data breach that allowed unauthorized access to personal information belonging to around 183,000 patients and health plan members.

The breach allowed access to names, dates of birth, Social Security numbers and other types of information.

It happened after a Presbyterian employee responded to a “phishing” scam designed to gain access to private information.

The health care provider doesn’t believe any of the information has been used in any way.

Source: https://www.abqjournal.com/1348856/presbyterian-data-breach-affects-some-183000-patients-ex-scammers-got-ssns-other-info-but-do-not-seem-to-have-used-anything.html

TPRM report: https://scoringcyber.rankiteo.com/company/presbyterian-healthcare-services

"id": "pre1559423",
"linkid": "presbyterian-healthcare-services",
"type": "Data Leak",
"date": "08/2019",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 183000,
                        'industry': 'Healthcare',
                        'name': 'Presbyterian Healthcare Services',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Phishing',
 'data_breach': {'number_of_records_exposed': 183000,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Dates of Birth',
                                              'Social Security numbers',
                                              'Other types of information']},
 'description': 'Presbyterian Healthcare Services reported a data breach that '
                'allowed unauthorized access to personal information belonging '
                'to around 183,000 patients and health plan members. The '
                'breach allowed access to names, dates of birth, Social '
                'Security numbers and other types of information. It happened '
                "after a Presbyterian employee responded to a 'phishing' scam "
                'designed to gain access to private information. The health '
                'care provider doesn’t believe any of the information has been '
                'used in any way.',
 'impact': {'data_compromised': ['Names',
                                 'Dates of Birth',
                                 'Social Security numbers',
                                 'Other types of information']},
 'initial_access_broker': {'entry_point': 'Phishing Email'},
 'motivation': 'Unauthorized Access',
 'post_incident_analysis': {'root_causes': 'Employee responded to a phishing '
                                           'scam'},
 'title': 'Presbyterian Healthcare Services Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Human'}