Cyber Incident Victim: Guardant Health
Date:
Sep 2018
Location:
United States of America
Summary
Guardant Health experienced a phishing attack compromising an employee's email account, leading to unauthorized access of protected health information for approximately 1,100 individuals. The breached data primarily included patients' names, contact details, birth dates, and medical diagnosis codes, with a limited number of Social Security numbers exposed over a five-day period. The company engaged an independent cybersecurity firm to investigate the incident and planned to notify regulators and affected individuals while implementing additional measures to prevent future unauthorized access. Potential penalties and mitigation costs were anticipated as a result of the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In July 2018, Guardant Health, a Redwood City-based liquid biopsy company, experienced a cybersecurity incident involving a phishing attack that compromised one employee’s email account. The unauthorized access occurred over a five-day period, during which an attacker obtained protected health information (PHI) and other personal data belonging to approximately 1,100 individuals. According to the company’s September 5, 2018 SEC filing—submitted as part of its initial public offering preparations—the compromised information primarily included patients’ names, contact details, birth dates, and medical diagnosis codes. A limited number of affected individuals also had their Social Security numbers exposed. Guardant Health discovered the breach internally and initiated an investigation but had not yet notified regulators or impacted parties at the time of the SEC disclosure. The incident marked the first public acknowledgment of the breach, as no prior external reports or regulatory filings existed before the IPO documentation.
Guardant Health engaged an independent cybersecurity firm to conduct a forensic investigation, which remained ongoing as of the September filing. The company stated its intent to provide timely notifications to the U.S. Department of Health and Human Services (HHS), relevant state regulators, and affected individuals once the investigation concluded. In its SEC disclosure, Guardant acknowledged potential penalties under healthcare privacy regulations and anticipated internal and external costs related to mitigating the incident. The firm also emphasized plans to implement additional security measures to prevent future unauthorized access but provided no specific technical or procedural details. The breach’s operational impact appeared confined to the compromised email account, with no evidence suggesting broader system infiltration or disruption to clinical services. Guardant’s disclosure highlighted the incident’s occurrence during a critical period preceding its IPO, though no direct financial or legal consequences were quantified at the time of reporting.