California Health & Wellness (CHW) suffered a data breach stemming from a cyber attack on its third-party vendor, Accellion, between January 7 and January 25, 2021. The incident exposed sensitive personal and health-related information of individuals, including names, addresses, dates of birth, health records, and insurance ID numbers. The breach was formally disclosed on March 25, 2021, by the California Office of the Attorney General. The compromised data belonged to CHW’s customers, raising significant concerns over privacy violations and potential misuse of medical and financial details. While the attack targeted Accellion’s file-transfer system, CHW’s association with the vendor made it a secondary victim, highlighting vulnerabilities in supply-chain cybersecurity. The exposure of health information a highly regulated and sensitive data category intensifies the breach’s gravity, as such details can facilitate identity theft, insurance fraud, or targeted phishing scams. The delay between the breach occurrence and its public reporting further underscores challenges in incident response and transparency. Given the nature of the leaked data, affected individuals face long-term risks, including financial exploitation and reputational harm. The breach also erodes trust in CHW’s ability to safeguard confidential information, potentially leading to regulatory scrutiny and legal repercussions under laws like HIPAA (Health Insurance Portability and Accountability Act).
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-539502
TPRM report: https://www.rankiteo.com/company/stallant
"id": "sta958082125",
"linkid": "stallant",
"type": "Cyber Attack",
"date": "1/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'California, USA',
'name': 'California Health & Wellness (CHW)',
'type': 'Healthcare Provider'},
{'industry': 'File Transfer Solutions',
'name': 'Accellion',
'type': 'Vendor (Third-Party)'}],
'data_breach': {'data_exfiltration': 'Likely (data exposed in breach)',
'personally_identifiable_information': ['names',
'addresses',
'dates of birth',
'health information',
'insurance ID '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2021-03-25',
'description': 'The California Office of the Attorney General reported that '
'California Health & Wellness (CHW) experienced a data breach '
'due to a cyber attack on its vendor, Accellion, from January '
'7 to January 25, 2021. Personal information potentially '
'exposed includes names, addresses, dates of birth, health '
'information, and insurance ID numbers.',
'impact': {'data_compromised': ['names',
'addresses',
'dates of birth',
'health information',
'insurance ID numbers'],
'identity_theft_risk': 'High (PII and health data exposed)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potentially HIPAA (Health '
'Insurance Portability and '
'Accountability Act)',
'California Consumer '
'Privacy Act (CCPA)'],
'regulatory_notifications': 'Reported to California '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'California Health & Wellness (CHW) Data Breach via Accellion Cyber '
'Attack',
'type': 'Data Breach'}