5 largest medical data breaches since 2009

The healthcare industry has been a favorite target of hackers, with nearly 5,000 data breaches affecting more than 342 million medical records since 2009, according to an Aug. 24 analysis by researcher Comparitech.

While healthcare breaches have become more frequent in recent years, with 2020 accounting for one-fifth of the total over the 13-year period, the five largest incidents all occurred in 2019 or earlier.

Here are the five largest medical data breaches since 2009 (by the number of individuals affected), according to the report:

1. Anthem (2015): 78.8 million. After an employee opened a spear phishing email, the insurer's IT systems were accessed and the data of nearly 79 million patients was taken. Anthem settled with HHS' Office for Civil Rights for $16 million over potential violations.

2. Optum360 (2018 to 2019): 11.5 million. Through contractor American Medical Collection Agency, hackers accessed the personal and financial information of 11.5 million patients whose lab bills for Quest Diagnostics were overdue.

3. Premera Blue Cross (2014 to 2015): 11 million. Hackers installed malware via a phishing email, giving them access to Premera Blue Cross' IT system. The intrusion went unnoticed for seven months. The company paid OCR $6.5 million.

4. LabCorp (2019): 10.2 million. A hacker accessed the payment website of third-party vendor American Medical Collection Agency, exposing personal, financial and medical data of patients. LabCorp terminated its relationship with the company following the breach.

5. Excellus Health Plan (2013 to 2015): 9.3 million. Hackers installed malware in the company's IT system, giving them access to it for nearly two years and leading to the disclosure of 9.3 million records. Excellus settled with OCR for $5.1 million.
