Healthcare Data Breaches

The biggest healthcare data breaches of 2018 (so far)

Healthcare continued to be a lucrative target for hackers in 2017 with weaponized ransomware, misconfigured cloud storage buckets and phishing emails dominating the year. In 2018, these threats will continue and cybercriminals will likely get more creative despite better awareness among healthcare organizations at the executive level for the funding needed to protect themselves.

This collection highlights some of the biggest breaches across the industry – and points to some mistakes to avoid in the future.

Healthcare IT News Staff

The Attacks

Phishing email hack
News

3 phishing hacks breach 20,000 Catawba Valley patient records

North Carolina-based Catawba Valley Medical Center is notifying 20,000 patients that their...

By Jessica Davis |
October 25, 2018
CMS booth at HIMSS17
News

CMS responds to data breach affecting 75,000 in federal ACA portal

By Susan Morse |
October 22, 2018
phishing key on computer
News

Two phishing attacks on Minnesota DHS breach 21,000 patient records

Two employees of the Minnesota Department of Human Services fell for phishing attacks, which...

By Jessica Davis |
October 12, 2018
medcall breach report
News

Update: Misconfigured database breaches thousands of MedCall Advisors patient files

For the second time in one month, a researcher discovered North Carolina-based MedCall Healthcare...

By Jessica Davis |
October 10, 2018
HIPAA compliance audit paper.
News

3 Massachusetts hospitals fined nearly $1 million by OCR for HIPAA violations

Boston Medical Center, Brigham and Women’s Hospital and Massachusetts General Hospital settled...

By Jessica Davis |
September 21, 2018
Blue Cross Blue Shield building exterior with logos
News

Employee error exposed data of 16,000 Blue Cross patients online for 3 months

Philadelphia-based Independence Blue Cross is notifying 16,762 patients -- about 1 percent of its...

By Jessica Davis |
September 21, 2018
pregnant woman getting an ultrasound
News

Ransomware attack on fetal diagnostic lab breaches 40,800 patient records

The Fetal Diagnostic Institute of the Pacific was hit by a ransomware attack on June 30 that...

By Jessica Davis |
September 13, 2018
exterior view of Legacy Good Samaritan Hospital in Portland, Oregon
News

Phishing attack breaches 38,000 patient records at Legacy Health

Portland, Oregon-based Legacy Health is notifying 38,000 patients that a phishing attack may have...

By Jessica Davis |
August 22, 2018
Exterior view of Augusta University Hospital in Augusta, Georgia
News

417,000 Augusta University Health patient records breached nearly one year ago

Targeted phishing attacks on Georgia-based Augusta University Health may have breached the...

By Jessica Davis |
August 17, 2018
exterior of Sobeys pharmacy in Windsor Nova Scotia
News

Canadian pharmacist fined for routinely accessing health records of acquaintances

A pharmacist in Canada has been fined and suspended from practice for six months for spying on...

By Lynne Minion |
August 13, 2018
UnityPoint Health phishing attack
News

1.4 million patient records breached in UnityPoint Health phishing attack

UnityPoint Health is notifying 1.4 million patients that their records may have been breached...

By Jessica Davis |
July 31, 2018
exterior view of Orlando Orthopaedic Center in Florida
News

Third-party vendor error exposes data of 19K patients for 2 months

A transcriptionist vendor for Orlando Orthopaedic Center made an error during a software upgrade,...

By Jessica Davis |
August 02, 2018
Ransomware, malware attack in Missouri
News

Ransomware, malware attack breaches 45,000 patient records

Missouri-based Blue Springs Family Care reported a breach of 44,979 patient records after hackers...

By Jessica Davis |
July 26, 2018
Hackers breached one of the largest clinical laboratories in US in July.
News

LabCorp goes down after network breach, putting millions of patient records at risk

North Carolina-based LabCorp Diagnostics, one of the largest clinical laboratories in the U.S.,...

By Jessica Davis |
July 17, 2018
Hackers breach 1.5 million Singapore patient records, including the prime minister's
News

Hackers breach 1.5 million Singapore patient records, including the prime minister's

Hackers breached the Singapore government’s health database with a “deliberate, targeted and well...

By Jessica Davis |
July 20, 2018
phishing attack on Sunspire
News

Patient data exposed for months after phishing attack on Sunspire

Several employees of Sunspire Health, a nationwide network of addiction treatment facilities,...

By Jessica Davis |
July 18, 2018
Phishing attacks breach Alive Hospice
News

Phishing attacks breach Alive Hospice for 1 to 4 months

Two employees of Tennessee-based Alive Hospice fell for phishing attacks, which potentially...

By Jessica Davis |
July 18, 2018
Ransomware attack on Cass Regional shuts down EHR
News

Update: Ransomware attack on Cass Regional shuts down EHR

Missouri-based Cass Regional Medical Center is currently recovering from a ransomware attack that...

By Jessica Davis |
July 11, 2018
Phishing attack on Manitowoc County breaches PHI for 3 months
News

Phishing attack on Manitowoc County breaches PHI for 3 months

A phishing attack on Manitowoc County in Wisconsin potentially breached personal healthcare...

By Jessica Davis |
July 09, 2018
patient records breached at Med Associates
News

270,000 patient records breached in Med Associates hack

A hack on Albany-based Med Associates may have breached the patient records of more than 270,000...

By Jessica Davis |
June 20, 2018
Minnesota ransomware attack
News

Minnesota ransomware attack shows the right way to handle breach response

Minnesota-based Associates in Psychiatry and Psychology is notifying 6,546 of its patients that...

By Jessica Davis |
May 25, 2018
patients medical records breach of Michigan eye doctor
News

42,000 patients impacted by 2016 breach of Michigan provider

Michigan-based Holland Eye Surgery and Laser Center is notifying 42,200 of its patients that an...

By Jessica Davis |
June 04, 2018
email phishing breach
News

Phishing hack on Ohio provider breaches data of 42,000 patients for a month

A phishing attack on Ohio-based Aultman Health Foundation potentially breached the data of 42,600...

By Jessica Davis |
May 29, 2018
LifeBridge Health reveals breach that compromised health data of 500,000 patients
News

LifeBridge Health reveals breach that compromised health data of 500,000 patients

Baltimore-based LifeBridge Health and LifeBridge Potomac Professionals was hit by a malware...

By Beth Jones Sanborn |
May 23, 2018
Defense Health Agency for DoD IG
News

DoD IG finds massive security flaws in Army, Navy EHR and handling of patient data

The electronic health record and security systems at the Defense Health Agency and some Navy and...

By Jessica Davis |
May 08, 2018
patient records exposed on misconfigured FTP server
News

205,000 patient records exposed on misconfigured FTP server

Arkansas-based MedEvolve misconfigured its FTP server and exposed the data of 205,000 patients...

By Jessica Davis |
May 18, 2018
OCR investigating Banner Health
News

OCR investigating Banner Health for 2016 breach of 3.7 million patient records

The U.S Department of Health and Human Services’ Office of Civil Rights is investigating Banner...

By Jessica Davis |
March 21, 2018
ransomware attacks
News

Ransomware attack against California provider breaches data of 85,000 patients

The California-based Center for Orthopaedic Specialists (COS) is notifying 85,000 of its current...

By Jessica Davis |
April 26, 2018
UnityPoint Health cyberattack
News

UnityPoint Health System hit with cyberattack affecting 16,000 patients

UnityPoint Health in Wisconsin has revealed it was the target of a cyberattack that may have...

By Beth Jones Sanborn |
April 20, 2018
California medical device manufacturer Inogen data breach
News

California medical device manufacturer reports breach of 30,000 consumers

California-based Inogen, a manufacturer of portable oxygen concentrators, notified 30,000...

By Jessica Davis |
April 17, 2018
healthcare breach
News

63,500 patient records breached by New York provider's misconfigured database

New York-based Middletown Medical is notifying 63,551 of its patients that their data may have...

By Jessica Davis |
April 12, 2018
New Jersey Virtua Medical HIPAA breach
News

New Jersey fines Virtua Medical $418,000 for HIPAA breach

The New Jersey Attorney General fined Virtua Medical Group for more than $418,000 after a...

By Jessica Davis |
April 09, 2018
CareFirst breach Maryland
News

CareFirst breached again, notifying 6,800 members of phishing attack

A phishing attack on CareFirst BlueCross BlueShield has potentially breached the personal data of...

By Jessica Davis |
April 02, 2018
healthcare data breach
News

Long Island provider exposes data of 42,000 patients in misconfigured database

Long Island-based Cohen, Bergman, Klepper, Romano MDs misconfigured its online database, exposing...

By Jessica Davis |
March 26, 2018
ATI Physical Therapy data breach
News

Email hack on ATI Physical Therapy breaches data of 35,000 patients

Illinois-based ATI Physical Therapy is notifying 35,136 patients after several employee email...

By Jessica Davis |
March 22, 2018
healthcare cybersecurity breach
News

Primary Health Care announces email breach one year after discovery

Iowa-based Primary Health Care is notifying patients that a hacker breached four of its employee...

By Jessica Davis |
March 19, 2018
News

Medical data of 33,000 BJC HealthCare patients exposed online for 8 months

The data of 33,420 patients of BJC HealthCare was left exposed to the internet for eight months...

By Jessica Davis |
March 14, 2018
St. Peter’s hospital new york breach
News

Malware attack causes breach of 134,512 patient records

A malware attack on St. Peter’s Surgery and Endoscopy Center in New York potentially gave hackers...

By Jessica Davis |
March 12, 2018
veterans affairs health
News

VA OIG finds cybersecurity flaws at Orlando VA Medical Center

The U.S. Department of Veterans Affairs Office of Inspector General found security at the Orlando...

By Jessica Davis |
February 09, 2018
Malware attack on UVA Health
News

Malware attack on UVA Health gave hacker access for 19 months

A hacker breached the University of Virginia Health System, infecting physician devices with...

By Jessica Davis |
February 22, 2018
HHS breach
News

5 breaches cost $3.5 million for national provider in HHS settlement

Fresenius Medical Care North America settled with the U.S. Department of Health and Human...

By Jessica Davis |
February 01, 2018
News

Allscripts hit by ransomware, knocking some services offline

A limited number of Allscripts services went down Thursday after a ransomware incident, according...

By Jessica Davis |
January 19, 2018
phishing hack
News

53,000 patient records breached after phishing hack on Onco360, CareMed

A hacker breached employee email accounts of Onco360 and CareMed Specialty Pharmacy, exposing the...

By Jessica Davis |
January 19, 2018
Medicaid records breached
News

Nearly 280,000 Medicaid patient records breached in Oklahoma hack

An unauthorized user hacked into the Oklahoma State University Center for Health Sciences network...

By Jessica Davis |
January 15, 2018
Ransomware attack indiana
News

Ransomware attack on Hancock Health drives providers to pen and paper

Greenfield, Indiana-based Hancock Health was hit by a ransomware attack on Thursday night, which...

By Jessica Davis |
January 15, 2018
data breach in West Virginia
News

Data of 43,000 patients breached after theft of unencrypted laptop

West Virginia-based Coplin Health Systems is notifying 43,000 patients of a potential data breach...

By Jessica Davis |
January 12, 2018
phishing attack
News

Hackers expose data of 30,000 Florida Medicaid patients

Florida’s Agency of Healthcare Administration is notifying 30,000 Medicaid patients their data...

By Jessica Davis |
January 08, 2018

Other special projects

Hackers are prepping for future attacks. Are you?

AI is accelerating, but is healthcare prepared for it?

How to be one of the best hospital IT departments