Healthcare Data Leaks in 1st Half of 2021: Cases with More Than 10K Individuals Affected

Biggest Health Sector Data Breaches – 1st Half of 2021

According to Market Data Forecast, the North American healthcare market was worth $3.13 billion in 2020 and is set to reach $11.4 Billion by 2025. This makes the healthcare industry a very lucrative target for threat actors.

As a result of cybercriminals taking advantage of the COVID 19 pandemic, we’ve seen an increase in hacking incidents, including ransomware attacks and phishing scams directed toward the healthcare sector. In 2020, there was a 58% increase in the number of confirmed data leaks in the healthcare industry.  In total, these incidents exposed almost 12 billion pieces of protected health information (PHI).

The US Department of Health and Human Services Leak Portal recorded 325 new data leaks affecting at least 500 pieces of PHI in the first half of 2021 alone.

US Healthcare data leak for H1

Cybercriminals are generally interested in getting hold of records from medical providers which they can either sell or use to commit fraud. In some instances, attackers have gathered healthcare information and filed for insurance claims or obtained expensive medical services and medications under a victim’s name.

See if your email address is pwned

Causes of healthcare data leakes

A total of 235 (72%) of the total number of data leaks reported were the result of hacking/IT incidents such as a compromised network server or hacked email accounts.
Hacking incidents accounted for 96% of all the records leaked in the first half of 2021. There were 71 (22%) unauthorized access incidents reported, and more than 730,000 records were leaked in those incidents. Theft, data loss, and improper disposal resulted in the leak of almost 120,000 individuals’ healthcare records.

Causes of data leak_0728

Largest data leaks (1st half of 2021)

The table below shows the list of notable data leaks affecting more than 100,000 people in the first half of 2021. Thirty (98%) of these major data leaks were hacking incidents while the other two (affecting the Wyoming Department of Health and Med-Data Incorporated) involved unauthorized access or disclosure.

The largest data leak incident affected the Florida Healthy Kids Corporation and resulted in the exposure of 3.5 million pieces of personal healthcare information.

Name of EntityEntity TypeIndividuals Affected
Florida Healthy Kids CorporationHealth Plan3,500,000
20/20 Eye Care Network, IncBusiness Associate3,253,822
NEC Networks, LLC d/b/a CaptureRxBusiness Associate1,656,569
The Kroger Co.Healthcare Provider1,474,284
American Anesthesiology, Inc.Healthcare Provider1,269,074
Personal Touch Holding Corp.Business Associate753,107
Health Net Community SolutionsHealth Plan686,556
Hendrick HealthHealthcare Provider640,436
Trinity HealthBusiness Associate586,869
Wolfe Clinic, P.C.Healthcare Provider527,378
Health Net of CaliforniaHealth Plan523,709
Bricker & Eckler LLPBusiness Associate420,532
Orthopedic Associates of Dutchess CountyHealthcare Provider331,376
Health Center Partners of Southern CaliforniaBusiness Associate293,516
Total Health Care Inc.Health Plan221,454
Rehoboth McKinley Christian Health Care ServicesHealthcare Provider207,195
Woodcreek Provider Services LLCBusiness Associate207,000
Northwestern Memorial HealthCareHealthcare Provider201,197
Trusted Health Plans, Inc.Health Plan200,665
Roper St. Francis HealthcareHealthcare Provider189,761
Wyoming Department of HealthHealth Plan164,010
Apple Valley ClinicHealthcare Provider157,939
Five Rivers Health CentersHealthcare Provider155,748
HME Specialists, LLC dba Home Medical Equipment Holdco, LLCHealthcare Provider153,013
Health Aid of Ohio, Inc.Healthcare Provider141,149
SEIU 775 Benefits GroupBusiness Associate140,000
Med-Data IncorporatedBusiness Associate135,908
Saint Alphonsus Health SystemHealthcare Provider134,906
San Diego Family CareHealthcare Provider125,500
The Centers for Advanced OrthopaedicsHealthcare Provider125,291
Cancer Treatment Centers of America at Midwestern Regional Medical CenterHealthcare Provider104,808
BW Homecare Holdings, LLC d.b.a. Elara CaringHealthcare Provider100,487

The increasing number of cyberattacks will be a great challenge to the healthcare sector and this is expected to continue to post-pandemic time. With the healthcare sector continuing to move toward a consumer-centered model where people can shop for healthcare products using an endless array of apps and services, more and more personal healthcare information is becoming at-risk because the apps and services require the input of personal data to function.

How Trend Micro can help

Use Trend Micro™ ID Security to find out if your information was leaked in a data leak.

Trend Micro ID Security includes:

  • Email Checker: Monitors whether your email account has been involved in a leak
  • Credit Card Checker: Finds out if someone has stolen your credit card number due to a leak
  • Password Checker: Verifies if you have used a password currently in circulation on the dark web
  • Dark Web Personal Data Monitor: Scans the dark web for sensitive personal data such as your bank account number, driver’s license data, social security number, and passport details

Scan the QR code below to download Trend Micro ID Security for Android/iOS now:

Or click the button for more information about Trend Micro ID Security:

Was this article helpful?

Click each tag to explore related articles.

You Might Also Be Interested In