Healthcare Data Breaches

The biggest healthcare data breaches of 2018 (so far)

Healthcare continued to be a lucrative target for hackers in 2017 with weaponized ransomware, misconfigured cloud storage buckets and phishing emails dominating the year. In 2018, these threats will continue and cybercriminals will likely get more creative despite better awareness among healthcare organizations at the executive level for the funding needed to protect themselves.

This collection highlights some of the biggest breaches across the industry – and points to some mistakes to avoid in the future.

The Attacks

Phishing email hack
News
While investigating one phishing attack in August, medical center officials discovered a hacker had...
By Jessica Davis |
CMS booth at HIMSS17
News
Open enrollment, which begins November 1, will not be negatively impacted, CMS says.
By Susan Morse |
phishing key on computer
News
For more than a month, two separate employee accounts were compromised by the cyberattacks before...
By Jessica Davis |
medcall breach report
News
A researcher discovered the North Carolina-based tech vendor is leaking protected patient data...
By Jessica Davis |
HIPAA compliance audit paper.
News
Boston Medical Center, Brigham and Women’s Hospital and Massachusetts General Hospital let...
By Jessica Davis |
Blue Cross Blue Shield building exterior with logos
News
An employee uploaded a file containing member information to a public-facing website in April, but...
By Jessica Davis |
pregnant woman getting an ultrasound
News
The Fetal Diagnostic Institute of the Pacific was able to restore data from backups, and with help...
By Jessica Davis |
exterior view of Legacy Good Samaritan Hospital in Portland, Oregon
News
The hackers went undetected for several weeks at the Portland, Oregon-based health system.
By Jessica Davis |
Exterior view of Augusta University Hospital in Augusta, Georgia
News
The Georgia provider was hit by two cyberattacks in September 2017, but did not explain when the...
By Jessica Davis |
exterior of Sobeys pharmacy in Windsor Nova Scotia
News
She snooped in the EHRs of nearly four dozen people over two years.
By Lynne Minion |
UnityPoint Health phishing attack
News
This is the second breach for the health system this year, and the biggest health data breach of...
By Jessica Davis |
exterior view of Orlando Orthopaedic Center in Florida
News
Orlando Orthopaedic’s transcriptionist vendor misconfigured access to a database during a...
By Jessica Davis |
Ransomware, malware attack in Missouri
News
An investigation into a ransomware attack found hackers peppered Missouri-based Blue Springs Family...
By Jessica Davis |
Hackers breached one of the largest clinical laboratories in US in July.
News
Hackers breached one of the largest clinical laboratories over the weekend, forcing a shutdown of...
By Jessica Davis |
Hackers breach 1.5 million Singapore patient records, including the prime minister's
News
In what officials say was a "deliberate," highly targeted attack, cybercriminals...
By Jessica Davis |
phishing attack on Sunspire
News
Employees fell victim to a targeted phishing campaign, which may have exposed sensitive data for...
By Jessica Davis |
Phishing attacks breach Alive Hospice
News
Two employee email accounts were breached by phishing attacks, which potentially gave hackers...
By Jessica Davis |
Ransomware attack on Cass Regional shuts down EHR
News
Emergency and stroke patients are still being diverted to ensure patients receive the best possible...
By Jessica Davis |
Phishing attack on Manitowoc County breaches PHI for 3 months
News
Hackers hijacked an employee email account and diverted emails sent to the account to another...
By Jessica Davis |
patient records breached at Med Associates
News
The healthcare billing claims vendor discovered a hacker accessed an employee workstation on March...
By Jessica Davis |
Minnesota ransomware attack
News
While only about 6,500 patients were impacted by a cyberattack on Associates in Psychiatry and...
By Jessica Davis |
patients medical records breach of Michigan eye doctor
News
A hacker told Holland Eye Surgery and Laser Center in March that they had accessed a patient list,...
By Jessica Davis |
email phishing breach
News
A hacker hit some email accounts of Aultman Health Foundation with a phishing attack in February,...
By Jessica Davis |
LifeBridge Health reveals breach that compromised health data of 500,000 patients
News
Discovered on March 18, the health system was infected with malware that infected its EMR server,...
By Beth Jones Sanborn |
Defense Health Agency for DoD IG
News
Inspector general says Defense Health Agency sites failed to consistently implement technical,...
By Jessica Davis |
patient records exposed on misconfigured FTP server
News
MedEvolve, a practice management software vendor, left its FTP server open to the public without...
By Jessica Davis |
OCR investigating Banner Health
News
The Arizona health system is cooperating with the investigation but expects to receive negative...
By Jessica Davis |
ransomware attacks
News
Hackers hit the IT vendor of three Center for Orthopaedic Specialists locations in February, which...
By Jessica Davis |
UnityPoint Health cyberattack
News
Hospital is advising patients to monitor their explanation of benefits statements to keep an eye...
By Beth Jones Sanborn |
California medical device manufacturer Inogen data breach
News
Inogen reports a hacker accessed an employee email account for more than two months, according to...
By Jessica Davis |
healthcare breach
News
Middletown Medical left a radiology interface open to the public, exposing patient data in the...
By Jessica Davis |
New Jersey Virtua Medical HIPAA breach
News
The penalty highlights the need for healthcare providers to thoroughly vet third-party vendors to...
By Jessica Davis |
CareFirst breach Maryland
News
The Maryland insurer is already involved in a lawsuit stemming from a 2014 breach of about 1.1...
By Jessica Davis |
healthcare data breach
News
Cohen, Bergman, Klepper, Romano MDs left a database open to the public, containing backup data of 3...
By Jessica Davis |
ATI Physical Therapy data breach
News
Several employee emails were breached exposing a range of patient data from Medicaid details to...
By Jessica Davis |
healthcare cybersecurity breach
News
Hackers broke into four employee email accounts of the Iowa provider, allowing access to a wide...
By Jessica Davis |
News
An internal scan by the St. Louis-based health system found a misconfigured server could be easily...
By Jessica Davis |
St. Peter’s hospital new york breach
News
St. Peter’s Surgery and Endoscopy Center was hit with the second-largest healthcare breach of...
By Jessica Davis |
veterans affairs health
News
The Florida VA provider set-up its Wi-Fi network without coordinating with the VA’s IT office.
By Jessica Davis |
Malware attack on UVA Health
News
The Charlottesville-based provider discovered the breach in December 2017 and has been working with...
By Jessica Davis |
HHS breach
News
The first enforcement settlement of the year follows an OCR investigation of Fresenius Medical that...
By Jessica Davis |
News
Users took to Twitter to complain about the cloud EHR being down, with some unable to access...
By Jessica Davis |
phishing hack
News
Three employee email accounts were hacked in November, exposing PHI, including financial data for...
By Jessica Davis |
Medicaid records breached
News
A hacker gained access to an Oklahoma State Health Sciences network and accessed folders containing...
By Jessica Davis |
Ransomware attack indiana
News
The first reported hospital ransomware attack in 2018 was sophisticated – and not caused by...
By Jessica Davis |
data breach in West Virginia
News
A laptop of a Coplin Health Systems employee was stolen from a car and serves as a reminder to...
By Jessica Davis |
phishing attack
News
An employee of Florida’s healthcare agency fell for a phishing email, which allowed hackers...
By Jessica Davis |