Healthcare Data Leaks in 1st Half of 2021: Cases with More Than 10K Individuals Affected

    Biggest Health Sector Data Breaches – 1st Half of 2021

    According to Market Data Forecast, the North American healthcare market was worth $3.13 billion in 2020 and is set to reach $11.4 Billion by 2025. This makes the healthcare industry a very lucrative target for threat actors.

    As a result of cybercriminals taking advantage of the COVID 19 pandemic, we’ve seen an increase in hacking incidents, including ransomware attacks and phishing scams directed toward the healthcare sector. In 2020, there was a 58% increase in the number of confirmed data leaks in the healthcare industry.  In total, these incidents exposed almost 12 billion pieces of protected health information (PHI).

    The US Department of Health and Human Services Leak Portal recorded 325 new data leaks affecting at least 500 pieces of PHI in the first half of 2021 alone.

    US Healthcare data leak for H1

    Cybercriminals are generally interested in getting hold of records from medical providers which they can either sell or use to commit fraud. In some instances, attackers have gathered healthcare information and filed for insurance claims or obtained expensive medical services and medications under a victim’s name.

    See if your email address is pwned

    Causes of healthcare data leakes


    A total of 235 (72%) of the total number of data leaks reported were the result of hacking/IT incidents such as a compromised network server or hacked email accounts.
    Hacking incidents accounted for 96% of all the records leaked in the first half of 2021. There were 71 (22%) unauthorized access incidents reported, and more than 730,000 records were leaked in those incidents. Theft, data loss, and improper disposal resulted in the leak of almost 120,000 individuals’ healthcare records.

    Causes of data leak_0728

    Largest data leaks (1st half of 2021)


    The table below shows the list of notable data leaks affecting more than 100,000 people in the first half of 2021. Thirty (98%) of these major data leaks were hacking incidents while the other two (affecting the Wyoming Department of Health and Med-Data Incorporated) involved unauthorized access or disclosure.

    The largest data leak incident affected the Florida Healthy Kids Corporation and resulted in the exposure of 3.5 million pieces of personal healthcare information.

    Name of EntityEntity TypeIndividuals Affected
    Florida Healthy Kids CorporationHealth Plan3,500,000
    20/20 Eye Care Network, IncBusiness Associate3,253,822
    NEC Networks, LLC d/b/a CaptureRxBusiness Associate1,656,569
    The Kroger Co.Healthcare Provider1,474,284
    American Anesthesiology, Inc.Healthcare Provider1,269,074
    Personal Touch Holding Corp.Business Associate753,107
    Health Net Community SolutionsHealth Plan686,556
    Hendrick HealthHealthcare Provider640,436
    Trinity HealthBusiness Associate586,869
    Wolfe Clinic, P.C.Healthcare Provider527,378
    Health Net of CaliforniaHealth Plan523,709
    Bricker & Eckler LLPBusiness Associate420,532
    Orthopedic Associates of Dutchess CountyHealthcare Provider331,376
    Health Center Partners of Southern CaliforniaBusiness Associate293,516
    Total Health Care Inc.Health Plan221,454
    Rehoboth McKinley Christian Health Care ServicesHealthcare Provider207,195
    Woodcreek Provider Services LLCBusiness Associate207,000
    Northwestern Memorial HealthCareHealthcare Provider201,197
    Trusted Health Plans, Inc.Health Plan200,665
    Roper St. Francis HealthcareHealthcare Provider189,761
    Wyoming Department of HealthHealth Plan164,010
    Apple Valley ClinicHealthcare Provider157,939
    Five Rivers Health CentersHealthcare Provider155,748
    HME Specialists, LLC dba Home Medical Equipment Holdco, LLCHealthcare Provider153,013
    Health Aid of Ohio, Inc.Healthcare Provider141,149
    SEIU 775 Benefits GroupBusiness Associate140,000
    Med-Data IncorporatedBusiness Associate135,908
    Saint Alphonsus Health SystemHealthcare Provider134,906
    San Diego Family CareHealthcare Provider125,500
    The Centers for Advanced OrthopaedicsHealthcare Provider125,291
    Cancer Treatment Centers of America at Midwestern Regional Medical CenterHealthcare Provider104,808
    BW Homecare Holdings, LLC d.b.a. Elara CaringHealthcare Provider100,487

    The increasing number of cyberattacks will be a great challenge to the healthcare sector and this is expected to continue to post-pandemic time. With the healthcare sector continuing to move toward a consumer-centered model where people can shop for healthcare products using an endless array of apps and services, more and more personal healthcare information is becoming at-risk because the apps and services require the input of personal data to function.

    How Trend Micro can help

    Use Trend Micro™ ID Security to find out if your information was leaked in a data leak.

    Trend Micro ID Security includes:

    • Email Checker: Monitors whether your email account has been involved in a leak
    • Credit Card Checker: Finds out if someone has stolen your credit card number due to a leak
    • Password Checker: Verifies if you have used a password currently in circulation on the dark web
    • Dark Web Personal Data Monitor: Scans the dark web for sensitive personal data such as your bank account number, driver’s license data, social security number, and passport details

    Scan the QR code below to download Trend Micro ID Security for Android/iOS now:

    Or click the button for more information about Trend Micro ID Security:

    Post a comment

    Your email address won't be shown publicly.

    0 Comments