In Part 1 of this article, we have seen healthcare data breaches expanding in both frequency and size, with the biggest one impacting as many as 20 million people.
The motives behind all those cyberattacks are quite transparent: hospitals, health insurance companies, pharmacies, and other healthcare providers maintain records of highly relevant data – in fact, those extra ‘juicy details’ required for identity thefts – than any other industry!
What’s more, the healthcare domain is generally thought of as having rather weak security, and this is not a small problem, particularly when you take into account the extensive reach and scope of the field; almost all of us will have our records somewhere within the healthcare system.
To make you more informed, here’s a recap of five more major healthcare data breaches, and the details of the information they exposed.
- OREGON DEPARTMENT OF HUMAN SERVICES – A Breach That Put 645K People At Risk of Identity Theft
The January data breach that happened at the Department of Human Services opened the confidential data of an eye-popping 645,000 Oregonians. The incident occurred when nine DHS employees clicked dubious links that enabled hackers to access approximately 2 million email accounts.
The breached client information potentially includes names, dates of birth, addresses, Social Security Numbers, health information, and other information used in DHS programs.
What’s more surprising in this case is that the employees of the organization had undergone cybersecurity and privacy training, to spot phishing attempts, before the breach occurred. But still, the scammers were able to get through. This underscores the need for adequate protocols not only to prevent human error but also to add an extra layer of protection against these kinds of attacks when such error occurs.
- COLUMBIA SURGICAL SPECIALIST OF SPOKANE – One More To the Victims List Of Ransomware!
The ransomware attack on Columbia Surgical Specialists that resulted in unauthorized access to the medical records of roughly 400,000 patients was discovered on January 9, 2019.
Files that were encrypted by the ransomware hold vital patient information, including names, Social Security Numbers, and other health information.
The Washington-based healthcare provider paid nearly $15,000 to decrypt patient information that was held hostage in the cyberattack. As the potential pool of victims just shy of half a million, the breach is one of the biggest, reported so far in the year 2019.
- UCONN HEALTH – A Phishing Attack That Exposed PHI of 326,000 Patients
Phishing attacks have led to numerous health security breaches reported recently, including one that the UConn Health reports impacted about 326,000 individuals.
In the incident, an unauthorized third party illegally accessed the employees’ email accounts, containing patient information, including the names, dates of birth, addresses, and medical details such as billing and appointment information. The accounts also held the Social Security Numbers of certain individuals.
The attack re-emphasizes the sobering fact that phishing techniques have become more advanced than in the past. It’s scary stuff, and it leaves anyone who goes to a doctor to worry about the safety of their data! So, it’s up to healthcare firms to do all they can to put multi-layered cybersecurity in position, to avoid and contain incidents like UConn Health data breach.
- NAVICENT HEALTH – Resulted From A Cyberattack On Email Account
Navicent Health, the second-largest hospital in Georgia, has experienced an information security breach, as the result of a cyberattack on the email account system of its employees.
The attack, which took place on July 2018, has compromised patient information that includes names, dates of birth, addresses, limited medical information, and the Social Security Numbers.
On January 24th, 2019, the investigators determined that hackers gained access to the personal information of around 270,000 patients.
- ZOLL SERVICES – The Culprit Is Server Mishap!
On January 24, 2019, ZOLL – a medical device manufacturer, noticed that some email archived by a third-party service provider had been exposed during a server migration happened between November 8, 2018, and December 28, 2018.
The compromised data included patient names, addresses, dates of birth, and limited medical information. Furthermore, a few of the Social Security Numbers were also exposed.
Tracking Common Causes…
Cybercriminals are getting savvier, IT breaches are getting bigger, and the volume of compromised data is unfortunately on the rise.
A quick look at the current data breach trends reveals that ransomware, phishing, as well as misconfigured IT – are the culprits in the “10 Worst Ever Healthcare Data Breaches Of 2019”! It’s also apparent that organizations are still not adequately prepared for breaches even though they are becoming more commonplace.
While IT incidents are ruling the breach victim tally so far, it’s high time that you seek support from an expert Cybersecurity company.