UAMS - University of Arkansas for Medical Sciences

University of Arkansas for Medical Sciences suffered a data breach after a former employee sent emails from her UAMS email to her personal Gmail account.

The email included excel spreadsheets containing personal information, internal billing compliance auditing purposes and/or billing statements, dates of service, insurance type, claim information for billing purposes and medical record numbers of 518 patients.

UAMS investigated the incident and unable the access of the employee.

Source: https://www.databreaches.net/university-of-arkansas-for-medical-sciences-notifying-518-patients-after-employee-emailed-phi-to-her-personal-gmail-account/

TPRM report: https://scoringcyber.rankiteo.com/company/uams

"id": "uam03724422",
"linkid": "uams",
"type": "Breach",
"date": "01/2022",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 518,
                        'industry': 'Healthcare',
                        'location': 'Arkansas, USA',
                        'name': 'University of Arkansas for Medical Sciences',
                        'type': 'Medical Institution'}],
 'attack_vector': 'Email',
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['Excel Spreadsheets'],
                 'number_of_records_exposed': 518,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Billing Compliance Auditing '
                                              'Data',
                                              'Billing Statements',
                                              'Dates of Service',
                                              'Insurance Type',
                                              'Claim Information',
                                              'Medical Record Numbers']},
 'description': 'University of Arkansas for Medical Sciences suffered a data '
                'breach after a former employee sent emails from her UAMS '
                'email to her personal Gmail account. The email included excel '
                'spreadsheets containing personal information, internal '
                'billing compliance auditing purposes and/or billing '
                'statements, dates of service, insurance type, claim '
                'information for billing purposes and medical record numbers '
                'of 518 patients.',
 'impact': {'data_compromised': ['Personal Information',
                                 'Billing Compliance Auditing Data',
                                 'Billing Statements',
                                 'Dates of Service',
                                 'Insurance Type',
                                 'Claim Information',
                                 'Medical Record Numbers']},
 'investigation_status': 'Completed',
 'post_incident_analysis': {'corrective_actions': 'Disabling Employee Access',
                            'root_causes': 'Unauthorized Data Transfer by '
                                           'Former Employee'},
 'response': {'containment_measures': "Disabling the employee's access"},
 'threat_actor': 'Former Employee',
 'title': 'Data Breach at University of Arkansas for Medical Sciences',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unauthorized Data Transfer'}