A misconfigured database at Serviceaide exposed sensitive health and personal information of approximately 500,000 patients linked to Catholic Health, a non-profit healthcare system based in New York. The data leak occurred between September 19 and November 5, 2024, and was discovered on November 15, 2024. The exposed data included full names, dates of birth, prescription data, Social Security numbers, health insurance details, healthcare provider information, treatment and clinical information, medical record and account numbers, email addresses, usernames, and passwords. Although there’s no confirmed evidence that the data was downloaded or misused, the company admitted it cannot rule out that possibility.
Source: https://hackread.com/serviceaide-leak-catholic-health-patients-records/
TPRM report: https://scoringcyber.rankiteo.com/company/serviceaideinc
{
  "id": "ser854052025",
  "linkid": "serviceaideinc",
  "type": "Breach",
  "date": "5/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '500,000 patients',
'industry': 'Healthcare',
'location': 'New York',
'name': 'Catholic Health',
'type': 'Non-profit Healthcare System'}],
'attack_vector': 'Misconfigured Database',
'data_breach': {'data_exfiltration': 'Possible',
'number_of_records_exposed': '500,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Full names',
'Dates of birth',
'Prescription data',
'Social Security numbers',
'Health insurance details',
'Healthcare provider information',
'Treatment and clinical information',
'Medical record and account numbers',
'Email addresses',
'Usernames',
'Passwords']},
'date_detected': '2024-11-15',
'impact': {'data_compromised': 'Health and personal information',
'identity_theft_risk': 'Possible',
'systems_affected': 'Database'},
'threat_actor': 'Unknown',
'title': 'Data Leak at Catholic Health due to Misconfigured Database',
'type': 'Data Leak',
'vulnerability_exploited': 'Misconfiguration'}