The healthcare industry was hit by challenges to information security in 2018, with phishing emails, and weaponized ransomware, dominating the year. In the first half of 2019, these threats are found to continue, and cyber criminals got more productive, despite the increased awareness among healthcare businesses at the administrative level for the funding required to protect themselves.
Unfortunately, most people do not realize the gravity of the problem. However, the Healthcare data breaches statistics will make you more competent in the matter.
In the first half of 2019, an alarming number of around 31.6 million records were affected by security incidents in the healthcare domain. That is roughly more than double what the industry experienced during the entire year of 2018, with 14.2 million patient records affected by data breach incidents.
What you will read in the coming few minutes is a meticulously pulled list of the major hospital and health system data security breaches that happened so far this year.
- AMCA – A Breach That Went Over The 20M Mark!
Above 20 million patients have been impacted by the massive security breach at American Medical Collection Agency (AMCA), a billing and collection services provider for some of the giant names in the US medical laboratory testing.
The data breach roughly includes more than 422,000 patients of a subsidiary of OPKO, 7.7 million patients of LabCorp, and 12 million patients of Quest Diagnostics. The details that were obtained by the unauthorized third-party hackers include medical test data, payment data, and Personally Identifiable Information (PII).
The size and scope of this healthcare data breach makes it one of the most serious ever, with the potential for notable risk for AMCA and all the affected organizations.
- DOMINION NATIONAL – Data Breach Discovered 9 Years After It Happened!
A few months before, Virginia-headquartered dental and vision insurer and administrator Dominion National reported a nine-year-long hack on its servers, which possibly breached the personal data of 2.96 million patients.
The team assessed the kind of information that got compromised during the breach, includes the patients’ names, postal addresses, social security numbers, email IDs, taxpayer IDs, bank details, as well as member ID, and subscriber numbers.
Data security breaches are common; however, this one is arguably more critical, taking into account the extent of time that the servers in question left accessible to the cybercriminals. Experts in the industry should view this issue as a potent reminder of the necessity to diligently monitor their networks and associated equipment for any indications of trouble.
- INMEDIATA HEALTH GROUP – A Breach Due To Misconfigured IT Setting
An all too common information security mistake – a misconfigured IT setting – has landed Inmediata, a Puerto Rico-based clearinghouse and cloud software provider, at the top of federal regulators’ list of worst breaches in the health segment in 2019, in an incident affecting approximately 1.6 million people!
In January 2019, the Inmediata officials discovered that some electronic health data was accessible online due to a web page setting that allowed search engines to index internal web pages used by the company for business procedures.
Data compromised in this cybersecurity incident include patients’ names, gender, dates of birth, addresses, and details on medical claims. The Social Security numbers of some people are affected by the breach as well.
- UW MEDICINE – Data Error Leads To Major Data Breach
Nearly 974,000 patients of Seattle-based UW Medicine have had their health information exposed online as a result of the accidental removal of protections on a website server.
The error resulted in sensitive patient details to be accessed by unauthorized individuals on search engines without any requirement for authentication.
The issue was identified by a patient who was carrying out a Google search for his name and found a file holding the information. However, the organization claimed that they removed all the saved files from Google’s servers by January 10, 2019.
What organizations need to notice from this is the need of adding the essential security attributes with the help of a cybersecurity company to make sure they are intact after a change is made.
- WOLVERINE SOLUTIONS GROUP – A Ransomware attack
A late September ransomware attack at Detroit-based Wolverine Solutions Group (WSG), which handles the billing and mailing services for healthcare organizations, had resulted in a data security incident that affected above 8,000 Three Rivers Health patients, 700 companies, and 1.2 million individuals.
The cyberattack began with the download of the Emotet Trojan, which then downloaded the ransomware that encrypted files comprising the protected health information of the patients. The Emotet Trojan has been used in numerous recent attacks too.
Information security breaches are becoming more severe and are under greater scrutiny. The collection of issues described here highlights some of the most significant cybercrimes that happened so far in 2019 across the healthcare industry. In our upcoming article, we will be dissecting five more complicated security infringements that happened in the same period in the healthcare sector.
Stay tuned for Part 2 of this article; don’t miss out to learn from the risks and costs associated with the healthcare data security breaches!