SummaCare

Health insurance provider SummaCare suffered a data security breach incident that compromised its members' information.

A misconfiguration in one of its computer systems allowed certain documents containing the personal information of 1,100 members to be accessible.

The compromised information included names, health insurance ID numbers, patient account numbers, dates of service, provider names, and limited treatment information.

SummaCare took prompt action to remove documents and reconfigured the settings on the involved computer system and notified the impacted individuals.

Source: https://www.beaconjournal.com/story/news/2022/04/08/1-000-members-summacare-affected-data-breach-data-compromise/9509919002/

TPRM report: https://scoringcyber.rankiteo.com/company/summacare

"id": "sum142026522",
"linkid": "summacare",
"type": "Breach",
"date": "04/2022",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 1100,
                        'industry': 'Healthcare',
                        'name': 'SummaCare',
                        'type': 'Health Insurance Provider'}],
 'attack_vector': 'Misconfiguration',
 'data_breach': {'number_of_records_exposed': 1100,
                 'personally_identifiable_information': ['Names',
                                                         'Health insurance ID '
                                                         'numbers',
                                                         'Patient account '
                                                         'numbers',
                                                         'Dates of service',
                                                         'Provider names',
                                                         'Limited treatment '
                                                         'information'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['PII', 'PHI']},
 'description': 'Health insurance provider SummaCare suffered a data security '
                "breach incident that compromised its members' information. A "
                'misconfiguration in one of its computer systems allowed '
                'certain documents containing the personal information of '
                '1,100 members to be accessible. The compromised information '
                'included names, health insurance ID numbers, patient account '
                'numbers, dates of service, provider names, and limited '
                'treatment information. SummaCare took prompt action to remove '
                'documents and reconfigured the settings on the involved '
                'computer system and notified the impacted individuals.',
 'impact': {'data_compromised': ['Names',
                                 'Health insurance ID numbers',
                                 'Patient account numbers',
                                 'Dates of service',
                                 'Provider names',
                                 'Limited treatment information']},
 'post_incident_analysis': {'corrective_actions': ['Removed documents',
                                                   'Reconfigured settings on '
                                                   'the involved computer '
                                                   'system'],
                            'root_causes': 'Misconfiguration in computer '
                                           'system'},
 'response': {'communication_strategy': ['Notified impacted individuals'],
              'containment_measures': ['Removed documents',
                                       'Reconfigured settings on the involved '
                                       'computer system']},
 'title': 'SummaCare Data Security Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Misconfiguration in computer system'}

SummaCare

Microsoft

Young Consulting

IdeaLab