https://www.govinfosecurity.com/former-executive-accessed-phi-nearly-38000-individuals-a-17724
Exploit: Malicious Insider
Premier Patient Healthcare: Medical Clinic Chain
Risk to Business: 1.712=Severe Texas-based accountable care organization Premier Patient Healthcare filed a statement this week detailing a malicious insider incident that caused the exposure of PII for over 37,000 patients from around the country. According to the report, a terminated executive had retained credentials that enabled them to access and obtain an unspecified amount of PHI. No further details were included, and a HIPAA filing has not yet appeared. When the breach first came to light, the company’s early statements pointed to a fault at a vendor, which turned out to not be the case.
Individual Risk: 1.712=Severe The patient records that were accessed included name, age, sex, race, county and state of residence, and zip code, as well as Medicare beneficiary information, such as Medicare eligibility period, spend information, and hierarchical condition category risk score for an unspecified number of patients.
Customers Impacted: 8.5 million
How It Could Affect Your Customers’ Business : This incident isn’t just a double helping of embarrassment for Premier Patient Healthcare, it’s also going to be a financial nightmare after regulators get finished with them.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
