A Sutter Health employees were fired for accessing medical information without permission.
However, they declined to state how many employees were fired and whose medical records they allegedly looked up.
Their privacy auditing and monitoring technology have detected inappropriate access, and the individuals involved are no longer employed by Sutter Health.
They are notifying the person, or persons, whose data was accessed.
TPRM report: https://scoringcyber.rankiteo.com/company/sutter-health
"id": "sut03315722",
"linkid": "sutter-health",
"type": "Breach",
"date": "06/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Sutter Health',
'type': 'Healthcare Provider'}],
'attack_vector': 'Insider Threat',
'customer_advisories': 'Notification of Affected Individuals',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Medical Information'},
'description': 'Sutter Health employees were fired for accessing medical '
'information without permission. The privacy auditing and '
'monitoring technology detected inappropriate access, and the '
'individuals involved are no longer employed by Sutter Health. '
'They are notifying the person, or persons, whose data was '
'accessed.',
'impact': {'data_compromised': 'Medical Information'},
'investigation_status': 'Completed',
'motivation': 'Unknown',
'post_incident_analysis': {'corrective_actions': 'Termination of Employees, '
'Notification of Affected '
'Individuals',
'root_causes': 'Unauthorized Access by Employees'},
'response': {'communication_strategy': 'Notification of Affected Individuals',
'containment_measures': 'Termination of Employees',
'remediation_measures': 'Notification of Affected Individuals'},
'threat_actor': 'Employees',
'title': 'Sutter Health Employee Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Unauthorized Access'}