8 largest healthcare data breaches of 2022 tied to vendors

Eight of the largest healthcare data breaches of 2022 were tied to third-party vendors. Here is the list of the breaches, as reported by Becker's Hospital Review:

1. Advocate Aurora Health: In October, three million patients were impacted by a pixel breach at Advocate Aurora Health, dually headquartered in Downers Grove, Ill., and Milwaukee. The health system said it had installed the tracking pixel on its website to better understand patient behaviors but that the data may have been sent to Google or Facebook parent company Meta. The pixel tool has since been removed from the health system's website.

2. OneTouchPoint: More than 30 health plans were affected by a ransomware attack on printing and mailing vendor OneTouchPoint. The attack led to 2.7 million patients' data being compromised. 

3. Shields Health Care Group: In July, Shields, a third-party vendor that provides MRI, PET/CT and outpatient surgical services for the healthcare sector, reported a data breach that affected an estimated two million patients at over 50 facilities.  
   
   
4. Professional Finance Company: A February ransomware attack on debt collections firm Professional Finance Company affected more than 600 healthcare organizations, causing the data of 1.91 million patients to be compromised.
   
   
5. Baptist Medical Center and Resolute Health: The IT networks at San Antonio, Texas-based Baptist Medical Center and New Braunfels, Texas-based Resolute Health Hospital were infected by malicious code that allowed an unauthorized user to access the personal health information of some patients. Due to the event, the data of 1.71 million patients was compromised.
   
   
6. Community Health Network: The Indianapolis-based health system accidentally disclosed patient data to Meta and Google for marketing purposes, causing 1.5 million individuals' data to be compromised in November.
    
7. Novant Health: The Charlotte, N.C.-based health system notified 1.36 million patients on  Aug. 12 that their protected health information might have been improperly disclosed because of a Facebook tracking tool used in a May 2020 marketing campaign.
   
   
8. Broward Health: On Jan. 2, the Fort Lauderdale, Fla.-based health system notified 1.35 million patients that a hacker gained access to the Broward Health network through an access point connected to one of its service providers.