VCU Health System experienced a cyber attack for the second time which was reported by a patient that it's personal information has been compromised.
It was found that clinical information, name, social security number, diagnosis and medications” had been inappropriately accessed by an employee.
The client notified the Health system through a letter about the security breach.
Source: https://www.databreaches.net/vcu-patients-personal-information-stolen-twice/
TPRM report: https://scoringcyber.rankiteo.com/company/vcu-health-system
"id": "vcu21020323",
"linkid": "vcu-health-system",
"type": "Data Leak",
"date": "05/2019",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Healthcare',
'name': 'VCU Health System',
'type': 'Healthcare Provider'}],
'attack_vector': 'Insider Threat',
'data_breach': {'personally_identifiable_information': ['name',
'social security '
'number'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['clinical information',
'name',
'social security number',
'diagnosis',
'medications']},
'description': 'VCU Health System experienced a cyber attack for the second '
"time which was reported by a patient that it's personal "
'information has been compromised. It was found that clinical '
'information, name, social security number, diagnosis and '
'medications had been inappropriately accessed by an employee. '
'The client notified the Health system through a letter about '
'the security breach.',
'impact': {'data_compromised': ['clinical information',
'name',
'social security number',
'diagnosis',
'medications']},
'threat_actor': 'Employee',
'title': 'Data Breach at VCU Health System',
'type': 'Data Breach',
'vulnerability_exploited': 'Employee Access'}