An estimated 3716 people were told by the university of north carolina at chapel hill school of medicine that their information had been the target of a cyberattack.
which found that some workers were duped by a phishing scam and that their email accounts may have been compromised.
UNC only mentions that they first confirmed the incident on September 13, 2019, but does not specify when they originally learned of it.
Patients' names, dates of birth, and demographic information including residences, health insurance information, health information, Social Security numbers, financial account information, and/or credit card information were all possible components of the PII/PHI.
TPRM report: https://scoringcyber.rankiteo.com/company/university-of-north-carolina-at-chapel-hill
"id": "uni222723423",
"linkid": "university-of-north-carolina-at-chapel-hill",
"type": "Data Leak",
"date": "11/2019",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '3716',
'industry': 'Education',
'location': 'Chapel Hill, North Carolina',
'name': 'University of North Carolina at Chapel Hill '
'School of Medicine',
'type': 'Educational Institution'}],
'attack_vector': 'Phishing Email',
'data_breach': {'number_of_records_exposed': '3716',
'personally_identifiable_information': ["Patients' names",
'Dates of birth',
'Demographic '
'information',
'Health insurance '
'information',
'Health information',
'Social Security '
'numbers',
'Financial account '
'information',
'Credit card '
'information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['PII', 'PHI']},
'date_publicly_disclosed': '2019-09-13',
'description': 'An estimated 3716 people were told by the University of North '
'Carolina at Chapel Hill School of Medicine that their '
'information had been the target of a cyberattack, which found '
'that some workers were duped by a phishing scam and that '
'their email accounts may have been compromised. UNC only '
'mentions that they first confirmed the incident on September '
'13, 2019, but does not specify when they originally learned '
"of it. Patients' names, dates of birth, and demographic "
'information including residences, health insurance '
'information, health information, Social Security numbers, '
'financial account information, and/or credit card information '
'were all possible components of the PII/PHI.',
'impact': {'data_compromised': ["Patients' names",
'Dates of birth',
'Demographic information',
'Health insurance information',
'Health information',
'Social Security numbers',
'Financial account information',
'Credit card information']},
'initial_access_broker': {'entry_point': 'Phishing Email'},
'post_incident_analysis': {'root_causes': 'Human Error'},
'references': [{'source': 'University of North Carolina at Chapel Hill School '
'of Medicine'}],
'title': 'Phishing Attack on University of North Carolina at Chapel Hill '
'School of Medicine',
'type': 'Phishing',
'vulnerability_exploited': 'Human Error'}