Patients in South Australia affected by Personify Care's third-party platform data breach.
The exposed data contained the health information of 121 patients on “supervised medication protocols”.
12,624 patients who were invited to use the platform were also listed, along with their names and phone numbers.
An "unauthorised third party" was able to erase a folder containing patient papers that had been submitted to an internet platform, according to the state administration, due to "unintentional human error" on the part of the patient portal Personify Care.
TPRM report: https://scoringcyber.rankiteo.com/company/sa-health
"id": "sah1747281023",
"linkid": "sa-health",
"type": "Data Leak",
"date": "10/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': [121, 12624],
'industry': 'Healthcare',
'location': 'South Australia',
'name': 'Personify Care',
'type': 'Healthcare'}],
'attack_vector': 'Unintentional Human Error',
'data_breach': {'number_of_records_exposed': 12745,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Health Information',
'Names',
'Phone Numbers']},
'description': "Patients in South Australia affected by Personify Care's "
'third-party platform data breach. The exposed data contained '
"the health information of 121 patients on 'supervised "
"medication protocols'. 12,624 patients who were invited to "
'use the platform were also listed, along with their names and '
"phone numbers. An 'unauthorised third party' was able to "
'erase a folder containing patient papers that had been '
'submitted to an internet platform, according to the state '
"administration, due to 'unintentional human error' on the "
'part of the patient portal Personify Care.',
'impact': {'data_compromised': ['Health Information',
'Names',
'Phone Numbers']},
'post_incident_analysis': {'root_causes': 'Unintentional Human Error'},
'threat_actor': 'Unauthorized Third Party',
'title': 'Personify Care Data Breach',
'type': 'Data Breach'}