Tennessee Orthopaedic Alliance

Tennessee Orthopaedic Alliance (TOA) suffered a data breach after an unknown party gained access to an employee’s email account.

The breach compromised the data containing former and current patients’ personal or protected health information of more than 81,000 patients contained within two email accounts.

This information included names, dates of birth, contact information (addresses, phone numbers and email addresses), Social Security numbers, health insurance information, treatment or diagnostic information (including codes), and/or treatment cost information.

TOA mailed notifications to those potentially affected and offered complimentary identity protection services through Kroll to those whose Social Security numbers were potentially impacted.

Source: https://www.databreaches.net/tennessee-orthopaedic-alliance-notifies-more-than-81000-patients-after-discovering-two-employee-email-accounts-had-been-compromised/

TPRM report: https://scoringcyber.rankiteo.com/company/tennessee-orthopaedic-alliance

"id": "ten236251122",
"linkid": "tennessee-orthopaedic-alliance",
"type": "Data Leak",
"date": "02/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '81,000 patients',
                        'industry': 'Healthcare',
                        'location': 'Tennessee',
                        'name': 'Tennessee Orthopaedic Alliance',
                        'type': 'Healthcare'}],
 'attack_vector': 'Email Account Compromise',
 'data_breach': {'number_of_records_exposed': '81,000',
                 'personally_identifiable_information': ['Names',
                                                         'Dates of Birth',
                                                         'Contact Information',
                                                         'Social Security '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Protected Health Information']},
 'description': 'Tennessee Orthopaedic Alliance (TOA) suffered a data breach '
                'after an unknown party gained access to an employee’s email '
                'account. The breach compromised the data containing former '
                'and current patients’ personal or protected health '
                'information of more than 81,000 patients contained within two '
                'email accounts. This information included names, dates of '
                'birth, contact information (addresses, phone numbers and '
                'email addresses), Social Security numbers, health insurance '
                'information, treatment or diagnostic information (including '
                'codes), and/or treatment cost information. TOA mailed '
                'notifications to those potentially affected and offered '
                'complimentary identity protection services through Kroll to '
                'those whose Social Security numbers were potentially '
                'impacted.',
 'impact': {'data_compromised': ['Names',
                                 'Dates of Birth',
                                 'Contact Information',
                                 'Social Security Numbers',
                                 'Health Insurance Information',
                                 'Treatment or Diagnostic Information',
                                 'Treatment Cost Information'],
            'systems_affected': ['Email Accounts']},
 'initial_access_broker': {'entry_point': "Employee's Email Account"},
 'response': {'communication_strategy': 'Mailed notifications to affected '
                                        'individuals',
              'third_party_assistance': 'Kroll'},
 'threat_actor': 'Unknown',
 'title': 'Tennessee Orthopaedic Alliance Data Breach',
 'type': 'Data Breach'}