Rutland Regional Medical Center

Rutland Regional Medical Center discovered an incident that affect the security of the personal information of certain individuals after employee email accounts were hacked.

An employee’s email account was subject to unauthorized access and immediately changed the employee’s password and locked the account.

Rutland Regional enlisted the assistance of a third-party forensic expert to further investigate this incident.

The attack exposed the name, contact information, Social Security number, financial information, date of birth, medical record number, patient identification number, medical and/or clinical information including diagnosis and treatment information, and health insurance information of certain individuals.

Rutland Regional investigated the incident and notified the impacted individuals.

Source: https://www.databreaches.net/vt-rutland-regional-medical-center-notifies-patients-after-employee-email-accounts-hacked/

TPRM report: https://scoringcyber.rankiteo.com/company/rutland-regional-medical-center

"id": "rut42316223",
"linkid": "rutland-regional-medical-center",
"type": "Data Leak",
"date": "12/2018",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Healthcare',
                        'name': 'Rutland Regional Medical Center',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Phishing/Email Compromise',
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Name',
                                              'Contact Information',
                                              'Social Security Number',
                                              'Financial Information',
                                              'Date of Birth',
                                              'Medical Record Number',
                                              'Patient Identification Number',
                                              'Medical and/or Clinical '
                                              'Information',
                                              'Health Insurance Information']},
 'description': 'Rutland Regional Medical Center discovered an incident that '
                'affected the security of the personal information of certain '
                'individuals after employee email accounts were hacked.',
 'impact': {'data_compromised': ['Name',
                                 'Contact Information',
                                 'Social Security Number',
                                 'Financial Information',
                                 'Date of Birth',
                                 'Medical Record Number',
                                 'Patient Identification Number',
                                 'Medical and/or Clinical Information',
                                 'Health Insurance Information']},
 'initial_access_broker': {'entry_point': 'Email Account'},
 'response': {'communication_strategy': 'Notified impacted individuals',
              'containment_measures': "Changed employee's password and locked "
                                      'the account',
              'third_party_assistance': 'Third-party forensic expert'},
 'title': 'Unauthorized Access to Employee Email Accounts at Rutland Regional '
          'Medical Center',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Weak email account security'}