On May 25, 2023, the Maine Office of the Attorney General disclosed a data breach at TransMedics, Inc., a medical technology company. The incident occurred between April 6 and April 11, 2023, when an unauthorized malicious actor gained access to the company’s systems. The breach exposed personal information, including names and Social Security numbers, of five Maine residents.TransMedics responded by offering identity theft protection services to the affected individuals and notified them of the breach. While the scale of the incident appears limited in terms of the number of impacted individuals, the exposure of Social Security numbers a highly sensitive data type poses significant risks, including potential identity theft and financial fraud. The breach underscores vulnerabilities in handling personally identifiable information (PII), particularly within the healthcare and biotech sectors, where such data is a prime target for cybercriminals.
TPRM report: https://www.rankiteo.com/company/transmedics
"id": "tra013091825",
"linkid": "transmedics",
"type": "Breach",
"date": "4/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '5 (Maine residents)',
'industry': 'Healthcare / Medical Devices',
'name': 'TransMedics, Inc.',
'type': 'Corporation'},
{'industry': 'Legal / Regulatory',
'location': 'Maine, USA',
'name': 'Maine Office of the Attorney General',
'type': 'Government Agency'}],
'attack_vector': 'Unauthorized Access',
'customer_advisories': ['Notification letters to affected individuals'],
'data_breach': {'data_exfiltration': 'Likely (unauthorized access confirmed)',
'number_of_records_exposed': '5',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2023-04-11',
'date_publicly_disclosed': '2023-05-25',
'description': 'On May 25, 2023, the Maine Office of the Attorney General '
'reported a data breach involving TransMedics, Inc. The breach '
'occurred between April 6 and April 11, 2023, resulting from '
'unauthorized access by a malicious actor, potentially '
'affecting personal information including names and Social '
'Security numbers of five Maine residents. TransMedics has '
'offered identity theft protection services and notified the '
'affected individuals.',
'impact': {'data_compromised': ['Names', 'Social Security Numbers'],
'identity_theft_risk': 'High (PII exposed)'},
'investigation_status': 'Disclosed; Remediation Ongoing',
'post_incident_analysis': {'corrective_actions': ['Identity Theft Protection '
'Services for Affected '
'Individuals']},
'references': [{'date_accessed': '2023-05-25',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': ['Notification to Affected '
'Individuals'],
'incident_response_plan_activated': 'Likely (notification and '
'remediation initiated)',
'remediation_measures': ['Identity Theft Protection Services']},
'threat_actor': 'Malicious Actor',
'title': 'TransMedics, Inc. Data Breach (2023)',
'type': 'Data Breach'}