The Seattle Indian Health Board (SIHB) experienced a data breach on August 10, 2016, which was publicly disclosed on May 9, 2017. The incident stemmed from a cyberattack where unauthorized actors gained access to an employee’s email account, potentially exposing sensitive information. Approximately 4,579 individuals were affected, primarily patients whose data may have been compromised. While the investigation concluded that the risk of exposure was low, SIHB proceeded with notifying impacted patients as a precautionary measure. The breach did not involve ransomware or large-scale data theft but highlighted vulnerabilities in email security protocols. The compromised account contained patient-related information, though no evidence suggested misuse of the accessed data. The incident underscored the need for stronger access controls and monitoring within healthcare organizations to prevent similar breaches.
TPRM report: https://www.rankiteo.com/company/seattle-indian-health-board
"id": "sea003091825",
"linkid": "seattle-indian-health-board",
"type": "Cyber Attack",
"date": "8/2016",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '4,579 individuals',
'industry': 'Healthcare',
'location': 'Seattle, Washington, USA',
'name': 'Seattle Indian Health Board (SIHB)',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized access to employee email account',
'customer_advisories': 'Affected patients were notified as a precaution',
'data_breach': {'number_of_records_exposed': '4,579',
'sensitivity_of_data': 'Low',
'type_of_data_compromised': 'Patient information'},
'date_detected': '2016-08-10',
'date_publicly_disclosed': '2017-05-09',
'description': 'The Washington State Office of the Attorney General reported '
'a data breach at the Seattle Indian Health Board (SIHB) on '
'May 9, 2017. The breach occurred on August 10, 2016, due to a '
'cyberattack involving unauthorized access to an employee '
'email account, affecting approximately 4,579 individuals. The '
'investigation indicated a low risk of exposure of patient '
'information, but SIHB opted to notify affected patients as a '
'precaution.',
'impact': {'data_compromised': 'Patient information (low risk of exposure)',
'identity_theft_risk': 'Low',
'systems_affected': ['Employee email account']},
'initial_access_broker': {'entry_point': 'Employee email account'},
'investigation_status': 'Completed (low risk of exposure determined)',
'post_incident_analysis': {'root_causes': 'Unauthorized access to employee '
'email account'},
'references': [{'source': 'Washington State Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Washington State '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Notification to affected patients as '
'a precaution'},
'title': 'Seattle Indian Health Board (SIHB) Data Breach (2016)',
'type': 'Data Breach'}