Southwest Behavioral & Health Services, a Phoenix, Az-based provider of outpatient mental health treatment and psychiatric services, suffered from a data breach incident that exposed 1,337 individuals' information.
After an unauthorized third party gained access to the email account of an employee.
The compromised information includes names, dates of birth, addresses, email addresses, resume information, medical diagnosis information, Social Security numbers, and phone numbers.
They investigated the incident and offered complimentary membership to identity theft protection services through IDX.
Additional security measures have been put in place to stop further email data breaches, according to Southwest Behavioral & Health Services, who also added that the team has received more security awareness training.
TPRM report: https://scoringcyber.rankiteo.com/company/southwest-behavioral-health-services
"id": "sou194111122",
"linkid": "southwest-behavioral-health-services",
"type": "Breach",
"date": "07/2022",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,337 individuals',
'industry': 'Healthcare',
'location': 'Phoenix, Az',
'name': 'Southwest Behavioral & Health Services',
'type': 'Healthcare Provider'}],
'attack_vector': 'Email Account Compromise',
'data_breach': {'number_of_records_exposed': '1,337',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['names',
'dates of birth',
'addresses',
'email addresses',
'resume information',
'medical diagnosis information',
'Social Security numbers',
'phone numbers']},
'description': 'Southwest Behavioral & Health Services, a Phoenix, Az-based '
'provider of outpatient mental health treatment and '
'psychiatric services, suffered from a data breach incident '
"that exposed 1,337 individuals' information after an "
'unauthorized third party gained access to the email account '
'of an employee. The compromised information includes names, '
'dates of birth, addresses, email addresses, resume '
'information, medical diagnosis information, Social Security '
'numbers, and phone numbers.',
'impact': {'data_compromised': ['names',
'dates of birth',
'addresses',
'email addresses',
'resume information',
'medical diagnosis information',
'Social Security numbers',
'phone numbers']},
'initial_access_broker': {'entry_point': 'Email Account Compromise'},
'post_incident_analysis': {'corrective_actions': ['Implemented additional '
'security measures',
'Provided more security '
'awareness training to the '
'team']},
'response': {'remediation_measures': ['Offered complimentary membership to '
'identity theft protection services '
'through IDX',
'Implemented additional security '
'measures',
'Provided more security awareness '
'training to the team']},
'threat_actor': 'Unauthorized Third Party',
'title': 'Southwest Behavioral & Health Services Data Breach',
'type': 'Data Breach'}