The California Office of the Attorney General reported a data breach involving UC Davis Health on July 6, 2017. The breach occurred on May 17, 2017, due to unauthorized access to an employee's email account following a phishing event, potentially exposing patients' names, addresses, and diagnoses.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-100113
TPRM report: https://www.rankiteo.com/company/ucdavishealth
"id": "ucd556072825",
"linkid": "ucdavishealth",
"type": "Breach",
"date": "5/2017",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'California',
'name': 'UC Davis Health',
'type': 'Healthcare'}],
'attack_vector': 'Phishing',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ["Patients' names",
'Addresses',
'Diagnoses']},
'date_detected': '2017-05-17',
'date_publicly_disclosed': '2017-07-06',
'description': 'The California Office of the Attorney General reported a data '
'breach involving UC Davis Health on July 6, 2017. The breach '
'occurred on May 17, 2017, due to unauthorized access to an '
"employee's email account following a phishing event, "
"potentially exposing patients' names, addresses, and "
'diagnoses.',
'impact': {'data_compromised': ["Patients' names", 'Addresses', 'Diagnoses']},
'initial_access_broker': {'entry_point': 'Email Account'},
'post_incident_analysis': {'root_causes': 'Phishing'},
'references': [{'date_accessed': '2017-07-06',
'source': 'California Office of the Attorney General'}],
'title': 'UC Davis Health Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Email Account'}