The biggest healthcare data breaches of 2018 (so far)

This is the second breach for the health system this year, and the biggest health data breach of 2018 in the U.S.

An investigation into a ransomware attack found hackers peppered Missouri-based Blue Springs Family Care with a variety of malware programs, which gave them full access to its systems.

In what officials say was a "deliberate," highly targeted attack, cybercriminals repeatedly targeted Singapore Prime Minister Lee Hsien Loong’s personal records.

Two employee email accounts were breached by phishing attacks, which potentially gave hackers access to a trove of highly sensitive data that varied by patient.

Hackers hijacked an employee email account and diverted emails sent to the account to another account for which the county did not have access.

While only about 6,500 patients were impacted by a cyberattack on Associates in Psychiatry and Psychology in March, the provider's transparency in its breach notification is a valuable example for other organizations.

A hacker hit some email accounts of Aultman Health Foundation with a phishing attack in February, but officials didn’t discover the breach until March 28.

Inspector general says Defense Health Agency sites failed to consistently implement technical, physical and administrative protocols and may have violated HIPAA regulations in the process.

The Arizona health system is cooperating with the investigation but expects to receive negative findings and a potential fine.

Hospital is advising patients to monitor their explanation of benefits statements to keep an eye suspicious-looking activity.

Middletown Medical left a radiology interface open to the public, exposing patient data in the process.

The Maryland insurer is already involved in a lawsuit stemming from a 2014 breach of about 1.1 million members.

Several employee emails were breached exposing a range of patient data from Medicaid details to Social Security numbers.

An internal scan by the St. Louis-based health system found a misconfigured server could be easily accessed without authentication.

The Florida VA provider set-up its Wi-Fi network without coordinating with the VA’s IT office.

The first enforcement settlement of the year follows an OCR investigation of Fresenius Medical that began in 2013.

Three employee email accounts were hacked in November, exposing PHI, including financial data for some.

The first reported hospital ransomware attack in 2018 was sophisticated – and not caused by an employee opening a malicious email.

An employee of Florida’s healthcare agency fell for a phishing email, which allowed hackers to access Medicaid enrollee data.