Healthcare Data Breaches

The biggest healthcare data breaches of 2018 (so far)

Healthcare continued to be a lucrative target for hackers in 2017 with weaponized ransomware, misconfigured cloud storage buckets and phishing emails dominating the year. In 2018, these threats will continue and cybercriminals will likely get more creative despite better awareness among healthcare organizations at the executive level for the funding needed to protect themselves.

This collection highlights some of the biggest breaches across the industry – and points to some mistakes to avoid in the future.

The Attacks

Phishing email hack
News

North Carolina-based Catawba Valley Medical Center is notifying 20,000 patients that their...

By Jessica Davis |
phishing key on computer
News

Two employees of the Minnesota Department of Human Services fell for phishing attacks, which...

By Jessica Davis |
medcall breach report
News

For the second time in one month, a researcher discovered North Carolina-based MedCall Healthcare...

By Jessica Davis |
HIPAA compliance audit paper.
News

Boston Medical Center, Brigham and Women’s Hospital and Massachusetts General Hospital settled...

By Jessica Davis |
Blue Cross Blue Shield building exterior with logos
News

Philadelphia-based Independence Blue Cross is notifying 16,762 patients -- about 1 percent of its...

By Jessica Davis |
pregnant woman getting an ultrasound
News

The Fetal Diagnostic Institute of the Pacific was hit by a ransomware attack on June 30 that...

By Jessica Davis |
exterior view of Legacy Good Samaritan Hospital in Portland, Oregon
News

Portland, Oregon-based Legacy Health is notifying 38,000 patients that a phishing attack may have...

By Jessica Davis |
Exterior view of Augusta University Hospital in Augusta, Georgia
News

Targeted phishing attacks on Georgia-based Augusta University Health may have breached the...

By Jessica Davis |
exterior of Sobeys pharmacy in Windsor Nova Scotia
News

A pharmacist in Canada has been fined and suspended from practice for six months for spying on...

By Lynne Minion |
UnityPoint Health phishing attack
News

UnityPoint Health is notifying 1.4 million patients that their records may have been breached...

By Jessica Davis |
exterior view of Orlando Orthopaedic Center in Florida
News

A transcriptionist vendor for Orlando Orthopaedic Center made an error during a software upgrade,...

By Jessica Davis |
Ransomware, malware attack in Missouri
News

Missouri-based Blue Springs Family Care reported a breach of 44,979 patient records after hackers...

By Jessica Davis |
Hackers breached one of the largest clinical laboratories in US in July.
News

North Carolina-based LabCorp Diagnostics, one of the largest clinical laboratories in the U.S.,...

By Jessica Davis |
Hackers breach 1.5 million Singapore patient records, including the prime minister's
News

Hackers breached the Singapore government’s health database with a “deliberate, targeted and well...

By Jessica Davis |
phishing attack on Sunspire
News

Several employees of Sunspire Health, a nationwide network of addiction treatment facilities,...

By Jessica Davis |
Phishing attacks breach Alive Hospice
News

Two employees of Tennessee-based Alive Hospice fell for phishing attacks, which potentially...

By Jessica Davis |
Ransomware attack on Cass Regional shuts down EHR
News

Missouri-based Cass Regional Medical Center is currently recovering from a ransomware attack that...

By Jessica Davis |
Phishing attack on Manitowoc County breaches PHI for 3 months
News

A phishing attack on Manitowoc County in Wisconsin potentially breached personal healthcare...

By Jessica Davis |
patient records breached at Med Associates
News

A hack on Albany-based Med Associates may have breached the patient records of more than 270,000...

By Jessica Davis |
Minnesota ransomware attack
News

Minnesota-based Associates in Psychiatry and Psychology is notifying 6,546 of its patients that...

By Jessica Davis |
patients medical records breach of Michigan eye doctor
News

Michigan-based Holland Eye Surgery and Laser Center is notifying 42,200 of its patients that an...

By Jessica Davis |
email phishing breach
News

A phishing attack on Ohio-based Aultman Health Foundation potentially breached the data of 42,600...

By Jessica Davis |
LifeBridge Health reveals breach that compromised health data of 500,000 patients
News

Baltimore-based LifeBridge Health and LifeBridge Potomac Professionals was hit by a malware...

By Beth Jones Sanborn |
Defense Health Agency for DoD IG
News

The electronic health record and security systems at the Defense Health Agency and some Navy and...

By Jessica Davis |
patient records exposed on misconfigured FTP server
News

Arkansas-based MedEvolve misconfigured its FTP server and exposed the data of 205,000 patients...

By Jessica Davis |
OCR investigating Banner Health
News

The U.S Department of Health and Human Services’ Office of Civil Rights is investigating Banner...

By Jessica Davis |
ransomware attacks
News

The California-based Center for Orthopaedic Specialists (COS) is notifying 85,000 of its current...

By Jessica Davis |
UnityPoint Health cyberattack
News

UnityPoint Health in Wisconsin has revealed it was the target of a cyberattack that may have...

By Beth Jones Sanborn |
California medical device manufacturer Inogen data breach
News

California-based Inogen, a manufacturer of portable oxygen concentrators, notified 30,000...

By Jessica Davis |
healthcare breach
News

New York-based Middletown Medical is notifying 63,551 of its patients that their data may have...

By Jessica Davis |
New Jersey Virtua Medical HIPAA breach
News

The New Jersey Attorney General fined Virtua Medical Group for more than $418,000 after a...

By Jessica Davis |
CareFirst breach Maryland
News

A phishing attack on CareFirst BlueCross BlueShield has potentially breached the personal data of...

By Jessica Davis |
healthcare data breach
News

Long Island-based Cohen, Bergman, Klepper, Romano MDs misconfigured its online database, exposing...

By Jessica Davis |
ATI Physical Therapy data breach
News

Illinois-based ATI Physical Therapy is notifying 35,136 patients after several employee email...

By Jessica Davis |
healthcare cybersecurity breach
News

Iowa-based Primary Health Care is notifying patients that a hacker breached four of its employee...

By Jessica Davis |
News

The data of 33,420 patients of BJC HealthCare was left exposed to the internet for eight months...

By Jessica Davis |
St. Peter’s hospital new york breach
News

A malware attack on St. Peter’s Surgery and Endoscopy Center in New York potentially gave hackers...

By Jessica Davis |
veterans affairs health
News

The U.S. Department of Veterans Affairs Office of Inspector General found security at the Orlando...

By Jessica Davis |
Malware attack on UVA Health
News

A hacker breached the University of Virginia Health System, infecting physician devices with...

By Jessica Davis |
HHS breach
News

Fresenius Medical Care North America settled with the U.S. Department of Health and Human...

By Jessica Davis |
News

A limited number of Allscripts services went down Thursday after a ransomware incident, according...

By Jessica Davis |
phishing hack
News

A hacker breached employee email accounts of Onco360 and CareMed Specialty Pharmacy, exposing the...

By Jessica Davis |
Medicaid records breached
News

An unauthorized user hacked into the Oklahoma State University Center for Health Sciences network...

By Jessica Davis |
Ransomware attack indiana
News

Greenfield, Indiana-based Hancock Health was hit by a ransomware attack on Thursday night, which...

By Jessica Davis |
data breach in West Virginia
News

West Virginia-based Coplin Health Systems is notifying 43,000 patients of a potential data breach...

By Jessica Davis |
phishing attack
News

Florida’s Agency of Healthcare Administration is notifying 30,000 Medicaid patients their data...

By Jessica Davis |