UCHealth suffered from a data breach incident that affected patients and employees data.
The "security issue" gave the hacker access to Diligent software and allowed him to download attachments, including UCHealth information.
Data about patients and employees was contained in those files, names, contact information, dates of birth, and information on medical treatments might all be part of the stolen data, which differed per person.
Some people also had their SSNs and other financial data obtained.
The event didn't compromise any UCHealth systems.
TPRM report: https://scoringcyber.rankiteo.com/company/uchealth
"id": "uch9289223",
"linkid": "uchealth",
"type": "Breach",
"date": "08/2022",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Healthcare',
'name': 'UCHealth',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized Access to Diligent Software',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Contact Information',
'Dates of Birth',
'Medical Treatment Information',
'SSNs',
'Financial Data']},
'description': 'UCHealth suffered from a data breach incident that affected '
"patients and employees data. The 'security issue' gave the "
'hacker access to Diligent software and allowed him to '
'download attachments, including UCHealth information. Data '
'about patients and employees was contained in those files, '
'names, contact information, dates of birth, and information '
'on medical treatments might all be part of the stolen data, '
'which differed per person. Some people also had their SSNs '
"and other financial data obtained. The event didn't "
'compromise any UCHealth systems.',
'impact': {'data_compromised': ['Names',
'Contact Information',
'Dates of Birth',
'Medical Treatment Information',
'SSNs',
'Financial Data']},
'title': 'UCHealth Data Breach Incident',
'type': 'Data Breach'}