The Little Clinic (TLC) had a failure in TLC’s online appointment functionality.
Patients have had their protected health information (PHI) compromised due to a failure.
If a patient made an appointment and modified that appointment online, certain patient data could have been accessible by third-party domains.
It was determined that 10,974 patients were affected across several states.
The PHI exposed was limited to the patient’s name, date of birth, phone number, and address.
The issue began on October 7, 2018, and was discovered in February 2020.
TPRM report: https://scoringcyber.rankiteo.com/company/the-little-clinic
"id": "the2130291222",
"linkid": "the-little-clinic",
"type": "Data Leak",
"date": "02/2020",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 10974,
'industry': 'Healthcare',
'location': 'Several states',
'name': 'The Little Clinic',
'type': 'Healthcare Provider'}],
'attack_vector': 'Software Vulnerability',
'data_breach': {'number_of_records_exposed': 10974,
'personally_identifiable_information': ['Name',
'Date of birth',
'Phone number',
'Address'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'PHI'},
'date_detected': 'February 2020',
'description': 'The Little Clinic (TLC) experienced a failure in their online '
'appointment functionality, leading to the exposure of '
'protected health information (PHI) of patients.',
'impact': {'data_compromised': ['Patient’s name',
'Date of birth',
'Phone number',
'Address']},
'post_incident_analysis': {'root_causes': 'Failure in online appointment '
'functionality'},
'title': 'Data Leak at The Little Clinic',
'type': 'Data Leak',
'vulnerability_exploited': 'Online appointment functionality failure'}