Exploit: Unsecured business associate portal
BBH: Mental health service provider based in Missouri https://healthitsecurity.com/news/67000-patients-impacted-by-business-associate-breach-from-august-2018

Risk to Small Business: 2.333 = Severe: BBH has sent letters to patients notifying them of a breach that occurred in August of last year. Potential attackers would be able to infiltrate a business associate’s portal to access electronic protected health information (ePHI) and compromise sensitive records. The mental health service provider noted that there was no evidence of unauthorized access, but will be providing free identity monitoring, protection, and reporting from agencies including Equifax, Experian, and TransUnion. Along with the direct costs associated with offering such services to patients, the organization will have to pour funds into reputation management.

Individual Risk: 2.571 = Severe: The exposed records included names, addresses, contact information, DOBs, medical history information, driver’s license numbers and SSNs. Given the amount of time that has lapsed, patients are at high risk and should immediately begin monitoring their identity and credit reports.

Customers Impacted: 67,493 patients
How it Could Affect Your Customers’ Business: As breaches continue to become more commonplace, companies are being held accountable for providing free identity protection for their customers and employees. Such damage can be disabling for small businesses, especially when combined with the costs that come with managing public relations.

Monitoring the Dark Web for stolen credentials is critical for our end customers who want to provide comprehensive security to their efforts. BullPhish ID™ simulates phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime.