The healthcare industry suffers some of the highest volumes of cyberattacks, and there are whispers of much more to come. Combine this trend with breach damage costs surpassing all other industries and you get the thunderous warning of a devastating cyberattack storm approaching the sector.
To help healthcare entities strengthen their cyber resilience, we’ve compiled a list of some of the biggest data breaches in the healthcare industry, ordered by degree of impact.
If you’re concerned about your current level of data breach resilience, this cybersecurity guide for the healthcare industry will help.
The 14 Biggest Data Breaches in Healthcare Ranked by Impact
Each listed event is supported with a summary of the data that was compromised, how the breach occurred, and key learnings to protect you from suffering a similar fate.
1. Tricare Data Breach
Date: September 2011
Impact: 5 million patients
How did the breach occur?
Tricare, a healthcare program servicing active-duty troops, their dependents, and military retirees, suffered a significant data breach following the theft of backup tapes of electronic health records. The backups were stolen from the car of an individual responsible for transporting the tapes between facilities.
It’s unclear whether the criminals possessed the necessary acumen to decrypt the data stored on the tapes, or if they understood what they were stealing. As a necessary precaution, the incident was treated as a data breach.
What data was compromised?
The following data may have been compromised in the Tricare data breach:
- Social security numbers
- Names
- Addresses
- Phone numbers
- Personal health data
- Clinical notes
- Lab tests
- Prescription information
Learn from this data breach
Although the data on these backup tapes was encrypted, the encryption method didn’t align with a specific federal standard. To dampen the impact of data breaches reported under HIPAA, a data encryption policy that aligns with federal standards should be implemented.
2. Community Health Systems Data Breach
Date: April-June 2014
Impact: 4.5 million patients
How did the breach occur?
Cybercriminals, believed to be located in China, exploited a software vulnerability by deploying highly sophisticated malware, leading to the theft of sensitive patient data. The incident impacted anyone who received treatment from a facility associated with the Community Health Systems network in the last five years.
What data was compromised?
The following information was compromised in the Community Health Systems data breach:
- Names
- Birth dates
- Social Security numbers
- Phone numbers
- Addresses
Learn from this data breach
3. UCLA Health Data Breach
Date: July 2015
Impact: 4.5 million patients
How did the breach occur?
UCLA suffered a data breach that’s believed to have started in October 2014, but this activity didn’t appear to have malicious potential. In May of 2015, however, a cyberattack involving the compromise of sensitive patient information was confirmed.
What data was compromised?
The following data was compromised in the UCLA data breach:
- Names
- Dates of birth
- Social security numbers
- Medicaid
- Health plan identification numbers
- Some medical data
Learn from this breach
UCLA Health was issued a $7.5 million fine for its failure to report the breach in a timely manner, a violation of the breach notification protocol specified under HIPAA.
To prevent such breach reporting delays, it’s essential to commit to a thorough investigation whenever suspicious network activity is detected.
4. Advocate Health Care Data Breach
Date: August 2013
Impact: 4.03 million patients
How did the breach occur?
Advocate Health Care fell victim to a series of data breaches following the theft of four personal computers storing unencrypted medical information pertaining to 4.03 million patients.
What data was compromised?
The following data was compromised in the Advocate Health Care data breach:
- Names
- Addresses
- Dates of birth
- Credit card numbers with expiration dates
- Demographic information
- Medical information
- Health insurance information
Learn from this data breach
The failure to implement the most basic cybersecurity practice of data encryption was a blatant violation of the data security standards outlined in HIPAA. To send a strong message to other health entities about the implications of such malpractice, Advocate Health Care Network was issued a $5.55 million fine payable to the Health and Human Services Department.
To prevent such an outcome, physical security controls as specified in ISO 27001 should be implemented to protect internal devices from theft, in addition to encryption practices across all facilities interacting with sensitive data.
5. Medical Informatics Engineering Data Breach
Date: July 2015
Impact: 3.9 million patients
How did the data breach occur?
Medical Informatics Engineering (MIE), a developer of electronic medical record software, suffered a data breach impacting at least 11 of its healthcare provider clients.
Cybercriminals accessed one of MIE’s servers by using a compromised username and password and maintained undetected access for 19 days. 239 of MIE’s clients were impacted by the breach.
What data was compromised?
The following data may have been compromised in the Medical Informatics Engineering data breach:
- Names
- Telephone numbers
- Mailing addresses
- Usernames
- Hashed passwords
- Security questions and answers
- Spousal information
- Email addresses
- Dates of birth
- Social security numbers
- Lab results
- Medical insurance information
- Diagnosis
- Disability codes
- Doctor names
- Medical conditions
- Names of children
- Birth statistics
Learn from this data breach
The Office for Civil Rights found that the breach occurred because MIE violated HIPAA Security Rule 45 CFR § 164.308, which specifies the requirement for a thorough risk assessment to discover potential exposures of private health information. Because of this violation, MIE was given a $100,000 fine.
To prevent non-compliance with cybersecurity regulations, and the resulting costly fines, a security solution capable of mapping specific compliance efforts against recognized security frameworks should be implemented.
Cybercriminals were able to effortlessly gain access to MIE’s private network by using compromised credentials. To prevent such an event, a dark web monitoring solution should be implemented to monitor for sensitive data leaks that could include network access credentials.
6. Newkirk Products Data Breach
Date: July 2016
Impact: 3.8 million patients
How did the data breach occur?
Newkirk Products, one of the largest issuers of healthcare identification cards in the United States, suffered a data breach when cybercriminals gained access to one of its servers.
Many healthcare entities were impacted by the event, but perhaps the most significant victim, and the one that led to such a high impact, was insurer Blue Cross Blue Shield, the largest healthcare insurance provider by enrolment. Several Blue Cross Blue Shield branches were associated with the compromised data.
What data was compromised?
The following data was compromised in the Newkirk Products data breach:
- Primary care provider information
- Medicaid ID numbers
- Patient names
- Names of dependants
- Dates of birth
- Invoice information
Learn from this data breach
7. Banner Health Data Breach
Date: August 2016
Impact: 3.62 million patients
How did the data breach occur?
Cybercriminals gained access to one of Banner’s private servers, an intrusion that was detected when Banner Health staff discovered unusual log activity.
The compromised server was used to process card payment information from food outlets across different Banner Health locations.
What data was compromised?
The following data was compromised in the Banner Health data breach:
- Patient names
- Addresses
- Birth dates
- Social security information
- Appointment dates
- Physician information
- Health insurance information
Learn from this data breach
8. Trinity Health Data Breach
Date: May 2020
Impact: 3.3 million patients
How did the data breach occur?
In May 2020, Blackbaud, Trinity Health’s third-party vendor responsible for storing a backup of its donor database, fell victim to a ransomware attack attempt. Trinity Health, with the assistance of forensic experts and law enforcement, was able to successfully block the ransomware attack attempt, but not before the hackers exfiltrated a subset of data that included information linked to Trinity Health.
In violation of the FBI’s firm stance against complying with cybercriminal demands, Blackbaud paid the cybercriminals’ demand in exchange for the stolen database alongside a guarantee that any copies of the data would be permanently destroyed.
Because such a guarantee cannot be confirmed, Trinity Health treated the event as a highly probable data breach, ranking this event as the largest data breach in the healthcare industry in 2020.
In 2021, Trinity Health fell victim to another data breach impacting 586,869 patients. This incident was part of a large-scale data breach resulting from a cyberattack against the third-party file transfer platform Accellion.
What data was compromised?
According to Trinity Health, the following patient information was potentially compromised:
- Full names
- Addresses
- Email addresses
- Dates of birth
- Healthcare providers
- Dates and types of health care services
- Medical record numbers
- Immunization types
- Lab results
- Medications
- Claims information
- Certain financial information (excluding credit card information)
Learn from this data breach
9. Shields Healthcare Group Data Breach
Date: March 2022
Impact: 2 million people
How did the breach occur?
An unknown cyberattacker gained access to the network server belonging to Shields Healthcare Group from March 7, 2022, to March 21, 2022. The hacker’s presence activated a security alert on March 18; however, after investigating the alert, data compromise was not confirmed at the time.
What data was compromised?
According to Shields’ security incident notice, data compromise hasn’t yet been confirmed. However, given the particular private network segments that were accessed by the cybercriminal, the following types of data are at risk of compromise:
- Full names
- Social security numbers
- Birth dates
- Home addresses
- Provider information
- Diagnosis information
- Billing information
- Insurance numbers
- Medical record numbers
- Patient IDs
- Other medical treatment information
Learn from this data breach
Shields’ failure to identify a malicious actor in their network during the initial security alert allowed malicious activity to continue for another three days. A zero-trust approach to cyber threat investigation may have resulted in a more vigorous investigation that would have identified the presence of a data exfiltration backdoor.
10. Broward Health Data Breach
Date: January 2022
Impact: 1.3 million patients
How did the data breach occur?
Broward Health suffered a data breach through a compromised third-party medical provider with access to its patient database.
It’s speculated that the compromised device belonging to Broward Health’s third party was not implementing Multi-Factor Authentication.
What data was compromised?
The following patient information was compromised in the Broward Health data breach:
- Names
- Addresses
- Dates of birth
- Driver’s license numbers
- Insurance information
- Medical information
Learn from this data breach
11. Morley Companies Data Breach
Date: February 2022
Impact: 521,046 individuals
How did the data breach occur?
Morley Companies, a third-party provider of business services to Fortune 500 companies including medical industries, suffered a ransomware attack resulting in the exposure of over 521,000 individual records.
What data was compromised?
The following data was compromised in the Morley Companies data breach:
- Names
- Addresses
- Social security numbers
- Dates of birth
- Client identification numbers
- Medical diagnostic and treatment information
- Health insurance information
Learn from this data breach
Although the attack began on August 1, 2021, Morley waited until February 2022 to notify potential victims. This significant delay placed Morley at a heightened risk of violating the HIPAA Breach Notification Rule, a mistake that could have resulted in a fine of at least $50,000.
Another key learning from this incident is the similar effects of ransomware attacks and data breaches. Ransomware attacks also result in sensitive data exposure when ransom demands are not paid in a timely manner. Because of the similar outcomes between the two events, data breach security controls could also support a defense against ransomware attacks.
12. L’Assurance Maladie Data Breach
Date: March 2022
Impact: 510,000 people
How did the breach occur?
French insurance body L’Assurance Maladie suffered a data breach after 19 accounts, primarily belonging to pharmacists, were compromised.
Hackers likely retrieved the passwords for these accounts from a dark web forum hosting credentials stolen in previous data breaches.
What data was compromised?
The stolen data included the following:
- Names
- Surnames
- Dates of birth
- Social security numbers
- GP details
- Level of reimbursement
Learn from this data breach
- Implement Multi-Factor Authentication to block cybercriminals trying to log in with stolen credentials.
- Implement a data leak detection solution to discover and shut down sensitive data exposures posted on the dark web.
13. ARcare Data Breach
Date: February 2022
Impact: 345,000 people
How did the breach occur?
Between January 18, 2022, and February 24, cybercriminals maintained unauthorized access inside ARcare’s computer systems, reviewing and stealing sensitive personal information.
On April 4, it was discovered that some of the stolen data was exposed on the internet. This pattern of behaviour, exposing stolen records shortly after a breach, mirrors that of ransomware attackers, suggesting that the incident may have been a ransomware attack.
What data was compromised?
The following data was compromised in the breach:
- Names
- Social security numbers
- Driver’s license numbers
- State identification numbers
- Dates of birth
- Financial account information
- Medical treatment information
- Prescription information
- Medical diagnosis information
- Condition information
- Health insurance information
Learn from this data breach
This incident forced ARcare to review its data security practices and consider advanced risk mitigation strategies. These aren’t efforts that should follow a data breach. Instead, they should be firmly established well before a cyber incident occurs. Don’t wait for a data breach to initiate a review of your security protocols; review your incident response plans and implement a third-party risk mitigation strategy ASAP.
14. OneTouchPoint (OTP)
Date: July 2022
Impact: 2.6 million people
How did the breach occur?
OneTouchPoint is a third-party mailing and printing vendor that provided services primarily to healthcare organizations. OTP first noticed some of its files had been locked and encrypted in July 2022. After investigation, OTP concluded that its systems had been illegally accessed in the months prior. Shortly after, over 30 healthcare providers (including Blue Shield of California, Kaiser Permanente, Anthem, and Blue Cross) that were clients of OTP began to report data breaches of their medical and patient records.
What data was compromised?
The following sensitive information was exposed in the breach:
- Names
- Addresses
- Birthdays
- Patient medical records (immunizations, allergies, vitals, treatment, medical history)
- Patient demographics
- Employee employment dates
- Employee ID numbers
- Service descriptions and dates
- Health assessment test results
- Diagnosis codes
Learn from this data breach
Although OTP didn’t release the exact nature of the breach, the company is currently facing a class-action lawsuit by the medical companies claiming that OTP failed to safeguard sensitive medical information, which could expose its patients to fraud and theft. Additionally, OTP failed to notify affected organizations and patients on time, despite finding out about the breach months before initial reporting.
To avoid incidents like these, businesses need to do an annual review of their security policies to ensure all safeguards are up to date and equipped to defend against evolving cyber threats. Additionally, healthcare organizations working with third-party contractors need to ensure their business associates are HIPAA-compliant if they are handling sensitive patient information.