The Maine Office of the Attorney General disclosed a data breach affecting Sierra Nevada Primary Care Physicians on July 16, 2021, initially detected on May 18, 2021. The incident involved the loss of paper receipts containing personal and financial information, specifically names and credit card numbers of two individuals. While the scope appears limited in terms of affected records, the exposure of payment card data poses risks of fraud or unauthorized transactions. The organization responded by offering identity theft protection services via IDX to mitigate potential harm. The breach did not involve digital intrusion or large-scale data exfiltration but stemmed from physical document mishandling, highlighting vulnerabilities in non-digital record-keeping processes. No evidence suggests broader systemic compromise or ransomware involvement.
TPRM report: https://www.rankiteo.com/company/western-sierra-medical-clinic
"id": "wes155082025",
"linkid": "western-sierra-medical-clinic",
"type": "Breach",
"date": "5/2021",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': '2',
'industry': 'Healthcare',
'location': 'Maine, USA (inferred from reporting by '
'Maine AG)',
'name': 'Sierra Nevada Primary Care Physicians',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Identity theft protection services offered to '
'affected individuals',
'data_breach': {'data_encryption': 'No (paper records)',
'data_exfiltration': 'No (physical loss of paper receipts)',
'file_types_exposed': 'Physical (paper receipts)',
'number_of_records_exposed': '2',
'personally_identifiable_information': 'Yes (names and credit '
'card numbers)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information (Names)',
'Payment Information (Credit '
'Card Numbers)']},
'date_detected': '2021-05-18',
'date_publicly_disclosed': '2021-07-16',
'description': 'The Maine Office of the Attorney General reported a data '
'breach involving Sierra Nevada Primary Care Physicians. The '
'breach involved the loss of paper receipts containing '
'personal information such as names and credit card numbers of '
'two affected individuals. Identity theft protection services '
'were offered through IDX.',
'impact': {'brand_reputation_impact': 'Potential (due to breach disclosure)',
'data_compromised': ['Names', 'Credit Card Numbers'],
'identity_theft_risk': 'High (credit card numbers exposed)',
'payment_information_risk': 'High (credit card numbers exposed)'},
'investigation_status': 'Disclosed (no further details provided)',
'post_incident_analysis': {'root_causes': 'Physical loss of paper receipts '
'containing sensitive information'},
'references': [{'date_accessed': '2021-07-16',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Maine Office of '
'the Attorney General',
'remediation_measures': 'Offered identity theft protection '
'services to affected individuals',
'third_party_assistance': 'IDX (for identity theft protection '
'services)'},
'title': 'Data Breach at Sierra Nevada Primary Care Physicians',
'type': 'Data Breach (Physical Loss of Records)'}