On February 7, 2018, the California Office of the Attorney General reported a data breach involving Sutter Health that occurred on October 11-12, 2017. The breach was the result of a phishing attack on a vendor, Salem and Green, allowing unauthorized access to personal information, including names, Social Security numbers, and California driver’s license numbers, for individuals affiliated with Sutter Health.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-133637
TPRM report: https://www.rankiteo.com/company/sutter-health
"id": "sut151080425",
"linkid": "sutter-health",
"type": "Breach",
"date": "10/2017",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'California',
'name': 'Sutter Health',
'type': 'Healthcare Provider'}],
'attack_vector': 'Phishing',
'data_breach': {'personally_identifiable_information': ['names',
'Social Security '
'numbers',
'California driver’s '
'license numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information']},
'date_detected': '2018-02-07',
'date_publicly_disclosed': '2018-02-07',
'description': 'A data breach involving Sutter Health occurred on October '
'11-12, 2017, due to a phishing attack on a vendor, Salem and '
'Green, resulting in unauthorized access to personal '
'information.',
'impact': {'data_compromised': ['names',
'Social Security numbers',
'California driver’s license numbers']},
'initial_access_broker': {'entry_point': 'Phishing attack on vendor'},
'post_incident_analysis': {'root_causes': 'Phishing attack on vendor'},
'references': [{'date_accessed': '2018-02-07',
'source': 'California Office of the Attorney General'}],
'title': 'Sutter Health Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Human'}