The personal data of 18,105 people who tested positive for coronavirus was accidently exposed by Public Health Wale.
The compromised information including patients’ initials, dates of birth, geographical area and gender were exposed on a publicly accessible server.
The public health soon disabled the public access to the server and secured it from further consequences.
TPRM report: https://scoringcyber.rankiteo.com/company/public-health-wales
"id": "pub1349422",
"linkid": "public-health-wales",
"type": "Breach",
"date": "09/2020",
"severity": "90",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 18105,
'industry': 'Healthcare',
'location': 'Wales',
'name': 'Public Health Wales',
'type': 'Government'}],
'attack_vector': 'Accidental Exposure',
'data_breach': {'number_of_records_exposed': 18105,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['initials',
'dates of birth',
'geographical area',
'gender']},
'description': 'The personal data of 18,105 people who tested positive for '
'coronavirus was accidentally exposed by Public Health Wales. '
'The compromised information including patients’ initials, '
'dates of birth, geographical area, and gender were exposed on '
'a publicly accessible server.',
'impact': {'data_compromised': ['initials',
'dates of birth',
'geographical area',
'gender'],
'systems_affected': ['Publicly Accessible Server']},
'response': {'containment_measures': ['Disabled public access to the server'],
'remediation_measures': ['Secured the server from further '
'consequences']},
'title': 'Public Health Wales Data Exposure Incident',
'type': 'Data Breach',
'vulnerability_exploited': 'Publicly Accessible Server'}