Cyber Incident Victim: Cano Health
Date:
May 2018
Location:
United States of America
Summary
Cano Health experienced unauthorized access to three employee email accounts, potentially compromising patient names and personal/health information. The organization discovered the incident during a routine review, securing the accounts and launching an investigation that could not confirm data access but identified possible message forwarding to an external account. Affected individuals received notifications and were offered complimentary credit monitoring services, while the company engaged law enforcement and implemented enhanced security measures to mitigate future risks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 13, 2020, Cano Health, LLC discovered unauthorized access to three employee email accounts, potentially compromising patient information. The company initiated an immediate investigation upon detection, securing the affected accounts to prevent further exposure. While investigators could not confirm whether the perpetrator actually viewed or exfiltrated emails, they determined the unauthorized access period spanned approximately two years—from May 18, 2018, until the discovery date. Forensic analysis revealed that messages from these accounts might have been forwarded to an external email address without organizational knowledge. The compromised email accounts contained documents and messages holding patient names alongside other personally identifiable information (PII) and protected health information (PHI). Cano Health could not establish precise intrusion dates within the two-year window but opted to notify all potentially impacted individuals proactively.
Cano Health implemented multiple containment and remediation measures following the breach discovery. The company engaged IT professionals to strengthen security protocols and initiated law enforcement notifications, pledging full cooperation with any official investigations. Between April and June 2020, affected patients received written notifications describing the incident’s scope and recommending vigilance in monitoring financial accounts and benefit statements. The organization established a dedicated call center operating on Eastern Time business hours to address patient inquiries. As precautionary relief, Cano Health offered complimentary credit monitoring services to individuals whose financial data might have been exposed. CEO Dr. Marlow Hernandez-Cano publicly acknowledged the incident, emphasizing the company’s commitment to enhancing information security against evolving threats while apologizing for potential patient concerns. No forensic evidence confirmed actual data access or theft by the perpetrator, but the extended exposure window prompted comprehensive notifications and remediation efforts.