The California Office of the Attorney General disclosed a data breach affecting the Center for Autism and Related Disorders (CARD) in October 2020. The incident exposed files containing limited patient health information, including contact details (names, addresses, phone numbers, emails), and in some cases, dates of birth, medical diagnoses, treatment records, and insurance information. While the breach did not involve highly sensitive data like Social Security numbers or financial account details, the exposure of health-related and personally identifiable information (PII) poses risks of identity theft, targeted phishing, or fraudulent use of medical data.The breach highlights vulnerabilities in safeguarding patient confidentiality, particularly for individuals with autism and related disorders, whose medical histories are highly sensitive. The compromised data could enable malicious actors to exploit patients’ diagnostic and treatment details for fraudulent insurance claims, blackmail, or discriminatory practices. Although no evidence of misuse was reported at the time, the incident underscores the reputational and compliance risks for CARD, given its obligation to protect patient data under HIPAA (Health Insurance Portability and Accountability Act) and state privacy laws.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-195154
TPRM report: https://www.rankiteo.com/company/the-center-for-autism-and-related-disorders-inc-card-
"id": "the1016090725",
"linkid": "the-center-for-autism-and-related-disorders-inc-card-",
"type": "Breach",
"date": "10/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'California, USA',
'name': 'Center for Autism and Related Disorders '
'(CARD)',
'type': 'Healthcare Provider'}],
'data_breach': {'data_exfiltration': 'Likely (files accessed)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (health and personal data)',
'type_of_data_compromised': ['Protected Health Information '
'(PHI)',
'Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2020-10-15',
'description': 'The California Office of the Attorney General reported a data '
'breach involving the Center for Autism and Related Disorders '
'(CARD) on October 15, 2020. The breach may have affected '
'files containing limited patient health information, '
'including contact information and in some cases, date of '
'birth, diagnosis, treatment information, and insurance '
'details.',
'impact': {'data_compromised': ['contact information',
'date of birth (in some cases)',
'diagnosis',
'treatment information',
'insurance details'],
'identity_theft_risk': 'Potential (due to PII exposure)'},
'references': [{'date_accessed': '2020-10-15',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA (Health '
'Insurance Portability and '
'Accountability Act) '
'violations',
'California Consumer '
'Privacy Act (CCPA) '
'notifications'],
'regulatory_notifications': 'Reported to California '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Data Breach at Center for Autism and Related Disorders (CARD)',
'type': 'Data Breach'}