University of Arkansas Medical Sciences had fired three employees for them sharing an HIV patient’s private medical information with a co-worker.
The records included the patient’s name, age, surgical history, HIV status, and employment information.
Right now, the hospital focuses on helping patients whose privacy was violated.
Source: https://www.ozarksfirst.com/local-news/hiv-patients-records-leaked-uams-fires-3/
TPRM report: https://scoringcyber.rankiteo.com/company/university-of-arkansas-for-medical-sciences
"id": "uni23727722",
"linkid": "university-of-arkansas-for-medical-sciences",
"type": "Data Leak",
"date": "05/2018",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Arkansas, USA',
'name': 'University of Arkansas Medical Sciences',
'type': 'Healthcare'}],
'attack_vector': 'Internal',
'data_breach': {'personally_identifiable_information': ["Patient's name",
'Age',
'Surgical history',
'HIV status',
'Employment '
'information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Health Information '
'(PHI)',
'Personally Identifiable '
'Information (PII)']},
'description': 'University of Arkansas Medical Sciences had fired three '
'employees for them sharing an HIV patient’s private medical '
'information with a co-worker.',
'impact': {'data_compromised': ["Patient's name",
'Age',
'Surgical history',
'HIV status',
'Employment information']},
'motivation': 'Unspecified',
'response': {'remediation_measures': ['Firing the employees responsible']},
'threat_actor': 'Internal Employees',
'title': 'Unauthorized Disclosure of HIV Patient Information',
'type': 'Data Breach',
'vulnerability_exploited': 'Human Error'}