Healthcare Data Breaches

The biggest healthcare data breaches of 2018 (so far)

Healthcare continued to be a lucrative target for hackers in 2017 with weaponized ransomware, misconfigured cloud storage buckets and phishing emails dominating the year. In 2018, these threats will continue and cybercriminals will likely get more creative despite better awareness among healthcare organizations at the executive level for the funding needed to protect themselves.

This collection highlights some of the biggest breaches across the industry – and points to some mistakes to avoid in the future.

Healthcare IT News Staff

The Attacks

Phishing email hack
News

3 phishing hacks breach 20,000 Catawba Valley patient records

While investigating one phishing attack in August, medical center officials discovered a hacker had...
By Jessica Davis |
October 25, 2018
CMS booth at HIMSS17
News

CMS responds to data breach affecting 75,000 in federal ACA portal

Open enrollment, which begins November 1, will not be negatively impacted, CMS says.
By Susan Morse |
October 22, 2018
phishing key on computer
News

Two phishing attacks on Minnesota DHS breach 21,000 patient records

For more than a month, two separate employee accounts were compromised by the cyberattacks before...
By Jessica Davis |
October 12, 2018
medcall breach report
News

Update: Misconfigured database breaches thousands of MedCall Advisors patient files

A researcher discovered the North Carolina-based tech vendor is leaking protected patient data...
By Jessica Davis |
October 10, 2018
HIPAA compliance audit paper.
News

3 Massachusetts hospitals fined nearly $1 million by OCR for HIPAA violations

Boston Medical Center, Brigham and Women’s Hospital and Massachusetts General Hospital let...
By Jessica Davis |
September 21, 2018
Blue Cross Blue Shield building exterior with logos
News

Employee error exposed data of 16,000 Blue Cross patients online for 3 months

An employee uploaded a file containing member information to a public-facing website in April, but...
By Jessica Davis |
September 21, 2018
pregnant woman getting an ultrasound
News

Ransomware attack on fetal diagnostic lab breaches 40,800 patient records

The Fetal Diagnostic Institute of the Pacific was able to restore data from backups, and with help...
By Jessica Davis |
September 13, 2018
exterior view of Legacy Good Samaritan Hospital in Portland, Oregon
News

Phishing attack breaches 38,000 patient records at Legacy Health

The hackers went undetected for several weeks at the Portland, Oregon-based health system.
By Jessica Davis |
August 22, 2018
Exterior view of Augusta University Hospital in Augusta, Georgia
News

417,000 Augusta University Health patient records breached nearly one year ago

The Georgia provider was hit by two cyberattacks in September 2017, but did not explain when the...
By Jessica Davis |
August 17, 2018
exterior of Sobeys pharmacy in Windsor Nova Scotia
News

Canadian pharmacist fined for routinely accessing health records of acquaintances

She snooped in the EHRs of nearly four dozen people over two years.
By Lynne Minion |
August 13, 2018
UnityPoint Health phishing attack
News

1.4 million patient records breached in UnityPoint Health phishing attack

This is the second breach for the health system this year, and the biggest health data breach of...
By Jessica Davis |
July 31, 2018
exterior view of Orlando Orthopaedic Center in Florida
News

Third-party vendor error exposes data of 19K patients for 2 months

Orlando Orthopaedic’s transcriptionist vendor misconfigured access to a database during a...
By Jessica Davis |
August 02, 2018
Ransomware, malware attack in Missouri
News

Ransomware, malware attack breaches 45,000 patient records

An investigation into a ransomware attack found hackers peppered Missouri-based Blue Springs Family...
By Jessica Davis |
July 26, 2018
Hackers breached one of the largest clinical laboratories in US in July.
News

LabCorp goes down after network breach, putting millions of patient records at risk

Hackers breached one of the largest clinical laboratories over the weekend, forcing a shutdown of...
By Jessica Davis |
July 17, 2018
Hackers breach 1.5 million Singapore patient records, including the prime minister's
News

Hackers breach 1.5 million Singapore patient records, including the prime minister's

In what officials say was a "deliberate," highly targeted attack, cybercriminals...
By Jessica Davis |
July 20, 2018
phishing attack on Sunspire
News

Patient data exposed for months after phishing attack on Sunspire

Employees fell victim to a targeted phishing campaign, which may have exposed sensitive data for...
By Jessica Davis |
July 18, 2018
Phishing attacks breach Alive Hospice
News

Phishing attacks breach Alive Hospice for 1 to 4 months

Two employee email accounts were breached by phishing attacks, which potentially gave hackers...
By Jessica Davis |
July 18, 2018
Ransomware attack on Cass Regional shuts down EHR
News

Update: Ransomware attack on Cass Regional shuts down EHR

Emergency and stroke patients are still being diverted to ensure patients receive the best possible...
By Jessica Davis |
July 11, 2018
Phishing attack on Manitowoc County breaches PHI for 3 months
News

Phishing attack on Manitowoc County breaches PHI for 3 months

Hackers hijacked an employee email account and diverted emails sent to the account to another...
By Jessica Davis |
July 09, 2018
patient records breached at Med Associates
News

270,000 patient records breached in Med Associates hack

The healthcare billing claims vendor discovered a hacker accessed an employee workstation on March...
By Jessica Davis |
June 20, 2018
Minnesota ransomware attack
News

Minnesota ransomware attack shows the right way to handle breach response

While only about 6,500 patients were impacted by a cyberattack on Associates in Psychiatry and...
By Jessica Davis |
May 25, 2018
patients medical records breach of Michigan eye doctor
News

42,000 patients impacted by 2016 breach of Michigan provider

A hacker told Holland Eye Surgery and Laser Center in March that they had accessed a patient list,...
By Jessica Davis |
June 04, 2018
email phishing breach
News

Phishing hack on Ohio provider breaches data of 42,000 patients for a month

A hacker hit some email accounts of Aultman Health Foundation with a phishing attack in February,...
By Jessica Davis |
May 29, 2018
LifeBridge Health reveals breach that compromised health data of 500,000 patients
News

LifeBridge Health reveals breach that compromised health data of 500,000 patients

Discovered on March 18, the health system was infected with malware that infected its EMR server,...
By Beth Jones Sanborn |
May 23, 2018
Defense Health Agency for DoD IG
News

DoD IG finds massive security flaws in Army, Navy EHR and handling of patient data

Inspector general says Defense Health Agency sites failed to consistently implement technical,...
By Jessica Davis |
May 08, 2018
patient records exposed on misconfigured FTP server
News

205,000 patient records exposed on misconfigured FTP server

MedEvolve, a practice management software vendor, left its FTP server open to the public without...
By Jessica Davis |
May 18, 2018
OCR investigating Banner Health
News

OCR investigating Banner Health for 2016 breach of 3.7 million patient records

The Arizona health system is cooperating with the investigation but expects to receive negative...
By Jessica Davis |
March 21, 2018
ransomware attacks
News

Ransomware attack against California provider breaches data of 85,000 patients

Hackers hit the IT vendor of three Center for Orthopaedic Specialists locations in February, which...
By Jessica Davis |
April 26, 2018
UnityPoint Health cyberattack
News

UnityPoint Health System hit with cyberattack affecting 16,000 patients

Hospital is advising patients to monitor their explanation of benefits statements to keep an eye...
By Beth Jones Sanborn |
April 20, 2018
California medical device manufacturer Inogen data breach
News

California medical device manufacturer reports breach of 30,000 consumers

Inogen reports a hacker accessed an employee email account for more than two months, according to...
By Jessica Davis |
April 17, 2018
healthcare breach
News

63,500 patient records breached by New York provider's misconfigured database

Middletown Medical left a radiology interface open to the public, exposing patient data in the...
By Jessica Davis |
April 12, 2018
New Jersey Virtua Medical HIPAA breach
News

New Jersey fines Virtua Medical $418,000 for HIPAA breach

The penalty highlights the need for healthcare providers to thoroughly vet third-party vendors to...
By Jessica Davis |
April 09, 2018
CareFirst breach Maryland
News

CareFirst breached again, notifying 6,800 members of phishing attack

The Maryland insurer is already involved in a lawsuit stemming from a 2014 breach of about 1.1...
By Jessica Davis |
April 02, 2018
healthcare data breach
News

Long Island provider exposes data of 42,000 patients in misconfigured database

Cohen, Bergman, Klepper, Romano MDs left a database open to the public, containing backup data of 3...
By Jessica Davis |
March 26, 2018
ATI Physical Therapy data breach
News

Email hack on ATI Physical Therapy breaches data of 35,000 patients

Several employee emails were breached exposing a range of patient data from Medicaid details to...
By Jessica Davis |
March 22, 2018
healthcare cybersecurity breach
News

Primary Health Care announces email breach one year after discovery

Hackers broke into four employee email accounts of the Iowa provider, allowing access to a wide...
By Jessica Davis |
March 19, 2018
News

Medical data of 33,000 BJC HealthCare patients exposed online for 8 months

An internal scan by the St. Louis-based health system found a misconfigured server could be easily...
By Jessica Davis |
March 14, 2018
St. Peter’s hospital new york breach
News

Malware attack causes breach of 134,512 patient records

St. Peter’s Surgery and Endoscopy Center was hit with the second-largest healthcare breach of...
By Jessica Davis |
March 12, 2018
veterans affairs health
News

VA OIG finds cybersecurity flaws at Orlando VA Medical Center

The Florida VA provider set-up its Wi-Fi network without coordinating with the VA’s IT office.
By Jessica Davis |
February 09, 2018
Malware attack on UVA Health
News

Malware attack on UVA Health gave hacker access for 19 months

The Charlottesville-based provider discovered the breach in December 2017 and has been working with...
By Jessica Davis |
February 22, 2018
HHS breach
News

5 breaches cost $3.5 million for national provider in HHS settlement

The first enforcement settlement of the year follows an OCR investigation of Fresenius Medical that...
By Jessica Davis |
February 01, 2018
News

Allscripts hit by ransomware, knocking some services offline

Users took to Twitter to complain about the cloud EHR being down, with some unable to access...
By Jessica Davis |
January 19, 2018
phishing hack
News

53,000 patient records breached after phishing hack on Onco360, CareMed

Three employee email accounts were hacked in November, exposing PHI, including financial data for...
By Jessica Davis |
January 19, 2018
Medicaid records breached
News

Nearly 280,000 Medicaid patient records breached in Oklahoma hack

A hacker gained access to an Oklahoma State Health Sciences network and accessed folders containing...
By Jessica Davis |
January 15, 2018
Ransomware attack indiana
News

Ransomware attack on Hancock Health drives providers to pen and paper

The first reported hospital ransomware attack in 2018 was sophisticated – and not caused by...
By Jessica Davis |
January 15, 2018
data breach in West Virginia
News

Data of 43,000 patients breached after theft of unencrypted laptop

A laptop of a Coplin Health Systems employee was stolen from a car and serves as a reminder to...
By Jessica Davis |
January 12, 2018
phishing attack
News

Hackers expose data of 30,000 Florida Medicaid patients

An employee of Florida’s healthcare agency fell for a phishing email, which allowed hackers...
By Jessica Davis |
January 08, 2018

Other special projects

Hackers are prepping for future attacks. Are you?

AI is accelerating, but is healthcare prepared for it?

How to be one of the best hospital IT departments