A data breach at Christie Clinic exposes over 500,000 patients’ personal information

A data breach at Christie Clinic exposes over 500,000 patients’ personal information

https://www.securityweek.com/500000-impacted-email-breach-illinois-healthcare-firm

Exploit: Business Email Compromise
Christie Clinic: Healthcare Provider

-Hastings-featuredimg

Risk to Business: 1.802 = Severe

Illinois medical services provider Christie Clinic has informed an estimated 500,000 individuals that their personal information was potentially compromised in a data breach that occurred last year. In the incident, a bad actor gained unauthorized access to one of the practice’s email accounts in a suspected business email compromise operation with the intent of interrupting financial communications between July 14 and August 19, 2021. The practice assured patients that the bad actor did not compromise other systems, electronic medical records, or the firm’s patient portal.

eResearch-Technology-img2

Risk to Individual: 2.771 = Moderate

Christie Clinic is unsure of the scope of the breach but says that the bad actor may have gained access to patient names, addresses, medical and health insurance information and Social Security numbers through the compromised account.

How It Could Affect Your Customers’ Business: Business email compromise is the most expensive cyberattack businesses face and in this case, that price will come with regulatory trouble.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.