Exploit: Phishing
Atrium Health: Medical System
Risk to Business: 1.601 = Severe
North Carolina-based Atrium Health has announced a data breach impacting 7,000 patients. The healthcare provider says that an employee at Atrium Health at Home fell victim to a phishing attack, resulting in bad actors accessing that employee’s email and messaging account in April 2021. Atrium is mailing letters to the affected patients and hasn’t determined whether the unauthorized user accessed the protected health information in the accounts.
Individual Risk: 1.733 = Severe
Patient PII that was exposed included names, addresses, dates of birth and health insurance information. A limited number of patients may have also had their Social Security numbers, driver’s license numbers and financial account numbers compromised in the breach.
How It Could Affect Your Customers’ Business: Healthcare data is always a desirable commodity for bad actors and letting them get their hands on it is always an expensive mistake for healthcare providers.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.