11 of the biggest healthcare cyberattacks of 2017

Cyberattacks struck hospitals and health systems at an alarming rate this past year — nearly exceeding the rate of one breach per day.

In fact, the Identity Theft Resource Center found the U.S. medical and healthcare sector experienced roughly 336 data breaches as of Nov. 29, which represents 28 percent of the total 1,202 breaches. That equates to 4.93 million records exposed, or 2.9 percent of the total 172 billion records that have been exposed so far in 2017.

Here is a look back at 11 of biggest healthcare data breaches reported this year, where hospitals, health systems or medical device suppliers indicated more than 100,000 patients had been affected by the security incident. Each incident has been previously published in Becker's Hospital Review or listed in HHS' Office for Civil Rights Breach Portal.

1. The names and personal data of nearly 1 million people throughout Washington state were compromised when a backup hard drive was stolen from a safe belonging to Washington State University's Social and Economic Sciences Research Center in April.

2. A former developer at HealthNow Networks — a shuttered healthcare telemarketing company in Boca Raton, Fla. — uploaded an unencrypted backup database to a virtual server on Amazon Web Services, exposing 918,000 healthcare consumers' records.

3. The OCR Breach Portal indicates Bowling Green, Ky.-based Commonwealth Health Corp. reported a data theft incident compromising 697,800 patient records, which it reported to the agency March 1, but no additional details are available.

4. Airway Oxygen, a Wyoming, Mich.-based home medical equipment supplier, experienced a ransomware attack it discovered in April affecting 500,000 individuals.

5. A privacy breach at a practice site of Oaks, Pa.-based Axia Women's Health, formerly Women's Health Care Group of PA, affected 300,000 patients. The organization discovered the virus in May but determined external hackers had access to its systems since January.

6. Los Angeles-based Pacific Alliance Medical Center recovered from a June ransomware attack that compromised the protected health information of 266,123 patients.

7. In January, Hyde Park, N.Y.-based CoPilot Provider Support Services, a healthcare administrative services and IT organization, reported a data breach affecting 220,000 individuals. CoPilot's database, which healthcare professionals use to advise patients on whether certain treatments are covered by insurance, was illegally accessed.

8. Texas-based Urology Austin notified 200,000 patients in March that their patient information may have been compromised following a January ransomware attack.

9. Atlanta-based Peachtree Neurological Clinic uncovered a 15-month breach to its computer system while investigating a separate ransomware attack. The clinic reported nearly 176,295 patient records were potentially affected.

10. Fayetteville-based Arkansas Oral & Facial Surgery Center notified 128,000 patients of a July ransomware attack on its computer network that may have compromised some patient names, dates of birth and Social Security numbers, among other data.

11. McLaren Medical Group's Mid-Michigan Physicians Imaging Center in Lansing compromised the data of 106,008 patients when it fell victim to a hacking incident, reported in August, according to the OCR Breach Portal.

More articles on cybersecurity:

McAfee: 5 cybersecurity trends to watch in 2018
NHS to spend $26M on security operations following WannaCry attack: 4 things to know
5 questions with Secure-24 Chief Security and Privacy Officer Brian Herr on cloud security

© Copyright ASC COMMUNICATIONS 2018. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months