Saint Francis Ministries provided notice to certain individuals as well as certain state and federal regulators about the security incident they faced.
On December 19, 2019, Saint Francis became aware of suspicious activity relating to one of its employee's email accounts.
An unknown actor accessed the email account between December 13, 2019, and December 20, 2019.
Information for certain individuals that were located in the email account was accessed by the unauthorized actor.
The impacted email accounts contained information including Social Security Number, Date of Birth, Driver's License or State ID, Bank or Financial Account Number, Credit or Debit Card Number, Treatment or Diagnosis Information, Prescription Information, Provider Name, Medical Record Number or Patient ID, Medicare or Medicaid Number, Health Insurance Information, Treatment Cost Information, and Username and Password.
TPRM report: https://scoringcyber.rankiteo.com/company/saintfrancisministries
"id": "sai1424291222",
"linkid": "saintfrancisministries",
"type": "Data Leak",
"date": "12/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Saint Francis Ministries',
'type': 'Non-profit Organization'}],
'attack_vector': 'Email Account Compromise',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Social Security Number',
'Date of Birth',
"Driver's License or State ID",
'Bank or Financial Account '
'Number',
'Credit or Debit Card Number',
'Treatment or Diagnosis '
'Information',
'Prescription Information',
'Provider Name',
'Medical Record Number or '
'Patient ID',
'Medicare or Medicaid Number',
'Health Insurance Information',
'Treatment Cost Information',
'Username and Password']},
'date_detected': '2019-12-19',
'description': 'Saint Francis Ministries faced a security incident where an '
"unauthorized actor accessed an employee's email account, "
'compromising sensitive information of certain individuals.',
'impact': {'data_compromised': ['Social Security Number',
'Date of Birth',
"Driver's License or State ID",
'Bank or Financial Account Number',
'Credit or Debit Card Number',
'Treatment or Diagnosis Information',
'Prescription Information',
'Provider Name',
'Medical Record Number or Patient ID',
'Medicare or Medicaid Number',
'Health Insurance Information',
'Treatment Cost Information',
'Username and Password'],
'systems_affected': 'Email Account'},
'initial_access_broker': {'entry_point': 'Email Account'},
'regulatory_compliance': {'regulatory_notifications': 'Certain state and '
'federal regulators'},
'threat_actor': 'Unknown',
'title': 'Saint Francis Ministries Email Account Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Compromised Email Account'}