Cyber Incident Victim: Onsite Health Diagnostics

Date: Jan 2014

Location: United States of America

Summary

A subcontractor providing employee health screenings experienced unauthorized access to its computer systems, compromising personal information of over 60,000 Tennessee workers. The breach involved exposure of names, addresses, dates of birth, email addresses, phone numbers, and genders after an attacker infiltrated an outdated system. The intrusion occurred over several months before detection, with no confirmed identity theft incidents linked to the event. Affected individuals received notifications and were offered complimentary identity theft protection services for one year.

Description

On April 11, 2014, Onsite Health Diagnostics discovered unauthorized access to its computer systems, potentially compromising the personal information of 60,582 Tennessee employees who had participated in workplace health screenings. The subcontractor, engaged by wellness contractor Healthways to conduct these screenings, determined that an unknown attacker infiltrated an information table within a legacy computer system the company had abandoned in 2013. Forensic analysis indicated the breach may have commenced as early as January 4, 2014, though the exact intrusion timeline remained unconfirmed. The accessed data repository contained names, physical addresses, dates of birth, email addresses, telephone numbers, and gender information. No evidence suggested compromise of medical records, health insurance details, Social Security numbers, or financial account data. Investigators found no indication the attacker exfiltrated data beyond accessing the system, and the abandoned platform's operational status at intrusion remained unspecified in public disclosures.

Healthways and Onsite Health Diagnostics initiated victim notification procedures on or before August 13, 2014, informing all affected individuals through mailed correspondence. The notification outlined the types of exposed personal information and offered recipients complimentary identity theft protection services valid for one year. Public statements confirmed no detected misuse of the compromised data through the disclosure date, with no identity theft cases attributed to the incident. The abandoned system's architecture, access controls, and the specific vulnerability exploited by the attacker were not detailed in available reports. Remediation efforts focused on discontinuing use of the legacy system and reinforcing security protocols for active infrastructure, though technical specifics of these measures were not publicly documented. The incident concluded without regulatory penalties or legal actions disclosed in the examined source material.
