Top 5 Breaches of Medical Organizations in 2020

Data breaches in healthcare facilities have become quite common. Healthcare's rapid move to digital systems might be why these facilities are most vulnerable. Medical data breaches can adversely affect an organization, and when they happen, they can disclose vital information such as:

  • Patients' health records
  • Social security numbers
  • Birth dates
  • Names
  • Email and home addresses

Exposing such crucial information fetches a smaller amount of cash than other details such as bank information. However, to date, it is still unclear what the motives are for stealing medical data.

In 2020, with the onset of the pandemic, healthcare data breaches continued to be rampant. Ransomware attacks, on the other hand, might have been slower but were still evident, according to various research.

Here are some notable breaches in medical organizations that took place in 2020.

Health Share of Oregon: 654,300+ Individuals

This data breach involved a laptop stolen during a November break. The incident took place at the GridWorks offices, and no one reported the situation until January. To mitigate this, Health Share resorted to sending apology letters to those affected and offered compensation such as one year of complimentary credit monitoring.

Fortunately, patients' health history information was not on the laptop; it held only details such as names, addresses, Medicaid identification numbers, and social security numbers. This shows that organizations should prioritize security controls.

BJC Health System: 287,876 Individuals

This was also among the organizations most affected by information breaches in 2020. The breach was identified among suspicious emails belonging to three employees. After investigations, it was revealed that an unauthorized person had gained access to private information for quite some time.

However, the organization could not determine whether any personal information of patients, such as emails, was disclosed.

Florida Orthopaedic Institute: 640,000 Individuals

In April, this institute discovered a ransomware attack that affected more than 600k patients. The information disclosed included names, social security numbers, and other information such as diagnosis codes, FOI claims history, appointment times, addresses, payment accounts, physician locations, and more.

Affected individuals were alerted about the incident and offered complimentary credit monitoring and guidance on protecting personal information. To avoid similar future incidents in your corporation, you might want to consider the services of an IT company to help mitigate the risks.

PIH Health: 199,548 Individuals

This organization started alerting patients that their private information had been exposed and was vulnerable to a data breach. In June, a phishing attack took place and compromised the email accounts of PIH employees. It was also determined that the attack had gone on for almost a week.

At first, it was unclear what information was exposed, but after a second investigation, the organization highlighted that data on current and previous patients was in the emails. However, there was no evidence that the data was misused.

Magellan Health: 365,000 Individuals

This is another top information breach that took place in 2020, and it resulted from a ransomware attack. The breach adversely affected the institution's patients and employees. The attackers were able to impersonate a Magellan client, gaining access to systems before launching the attack.

They managed to steal passwords and employee credentials, which compromised patients' data. As a result, information such as treatment data and health insurance account details was exposed. In 2019, a similar phishing attack had also affected Magellan Health.

To prevent such events, organizations should identify ways to deal with such attacks and ensure that their application and network security measures are functional and constantly updated.

Chris Turn