7 largest data breaches of 2015

The healthcare industry lands three top spots
By Jessica Davis
10:20 AM
Share
Keyhole and computer code

More than 720 data breaches occurred this year, and the top seven cyberattacks alone have left more than 193 million personal records open to fraud and identity theft, according to 10Fold Communcations.

Of the seven, the healthcare industry has the dubious honor of three top spots, with the Anthem breach leading the pack.

[See also: Anthem hack: 'Healthcare is a target']

"Our research indicates that cybercriminals are increasingly going after targets in the medical and healthcare verticals, which store valuable patient data that can't be reissued like a credit card," Angela Griffo, vice president of 10Fold's security practice, said in a press statement.

[See also: 2015 healthcare security breaches: a long list]

The top seven breaches affected more than 5 million users, based on 10fold's independent research and third-party resources.

"Security never sleeps," Griffo said. "Each of the top seven data breaches compromised more than 5 million records, indicating that attackers are becoming stealthier, are employing more sophisticated techniques and are going after bigger and more lucrative targets. Looking at the top breaches at year's end allows us to detect patterns while also giving us a glimpse of what we can expect to see in the future."

[See also: Breach leaves docs at risk]

The top 7 breaches:

1. Excellus BlueCross BlueShield: The Excellus BlueCross BlueShield hack was the third-largest healthcare breach of 2015, exposing personal data from more than 10 million members after the company's IT systems were breached, beginning as far back as December 2013.

2. Premera Blue Cross: Premera announced its cyberattack, affecting the data of more than 11 million members, just one month after the Anthem Blue Cross breach. The company discovered the cyberattack in January, but the initial breach occurred in May 2014. Employees of Microsoft, Starbucks and Amazon were some of the customers affected.

3. VTech: Marking the first breach to directly affect children, in November an unauthorized party obtained customer data from the Learning Lodge app store and Kid Connect servers, exposing the data of more than 6 million children and nearly 5 million parent accounts.

4. Experian/T-Mobile: Attackers breached one Experian North America business unit server, containing the personal data of about 15 million T-Mobile customers. The cause was T-Mobile sharing customer information with Experian to process credit checks or financing.

5. OPM: The personal information of more than  21.5 million citizens, including 5.6 million fingerprint records was compromised from the Federal Office of Personnel Management cyberattack, exposing 19.7 million individuals who applied for security clearances, 1.8 million relatives and other government personnel associates and 3.6 million current and former government employees.

6. Ashley Madison: The Impact Team hacker group accessed the Ashley Madison user database, revealing financial records and other proprietary information, including the personal data of 37 million users. The group's manifesto uncovered the "full delete feature" was false and personal information of its users was kept on file.

7. Anthem: In February, Anthem made history as the largest healthcare breach ever recorded. Initially, Anthem estimated approximately 78.8 million highly-sensitive patient records were breached, but that quickly increased to an additional 8.8 to 18.8 million non-patient records. Anthem's attack was just the first of many healthcare breaches of 2015; CareFirst BlueCross BlueShield and the UCLA Health Systems were also hacked.

[See also: Premera Blue Cross hack exposes 11M]

Top Story

Big data beyond hype

Harvard Medical School assistant professor Leonard D’Avolio said the term Big Data needs to be clarified before healthcare providers can make significant strides with related technologies. D’Avolio and colleagues are building an organization called Cyft to deal with these issues.