Healthcare Data Leaks in 1st Half of 2021: Cases with More Than 10K Individuals Affected
According to Market Data Forecast, the North American healthcare market was worth $3.13 billion in 2020 and is set to reach $11.4 Billion by 2025. This makes the healthcare industry a very lucrative target for threat actors.
As a result of cybercriminals taking advantage of the COVID 19 pandemic, we’ve seen an increase in hacking incidents, including ransomware attacks and phishing scams directed toward the healthcare sector. In 2020, there was a 58% increase in the number of confirmed data leaks in the healthcare industry. In total, these incidents exposed almost 12 billion pieces of protected health information (PHI).
The US Department of Health and Human Services Leak Portal recorded 325 new data leaks affecting at least 500 pieces of PHI in the first half of 2021 alone.
Cybercriminals are generally interested in getting hold of records from medical providers which they can either sell or use to commit fraud. In some instances, attackers have gathered healthcare information and filed for insurance claims or obtained expensive medical services and medications under a victim’s name.
See if your email address is pwned
Causes of healthcare data leakes
A total of 235 (72%) of the total number of data leaks reported were the result of hacking/IT incidents such as a compromised network server or hacked email accounts.
Hacking incidents accounted for 96% of all the records leaked in the first half of 2021. There were 71 (22%) unauthorized access incidents reported, and more than 730,000 records were leaked in those incidents. Theft, data loss, and improper disposal resulted in the leak of almost 120,000 individuals’ healthcare records.
Largest data leaks (1st half of 2021)
The table below shows the list of notable data leaks affecting more than 100,000 people in the first half of 2021. Thirty (98%) of these major data leaks were hacking incidents while the other two (affecting the Wyoming Department of Health and Med-Data Incorporated) involved unauthorized access or disclosure.
The largest data leak incident affected the Florida Healthy Kids Corporation and resulted in the exposure of 3.5 million pieces of personal healthcare information.
|Name of Entity||Entity Type||Individuals Affected|
|Florida Healthy Kids Corporation||Health Plan||3,500,000|
|20/20 Eye Care Network, Inc||Business Associate||3,253,822|
|NEC Networks, LLC d/b/a CaptureRx||Business Associate||1,656,569|
|The Kroger Co.||Healthcare Provider||1,474,284|
|American Anesthesiology, Inc.||Healthcare Provider||1,269,074|
|Personal Touch Holding Corp.||Business Associate||753,107|
|Health Net Community Solutions||Health Plan||686,556|
|Hendrick Health||Healthcare Provider||640,436|
|Trinity Health||Business Associate||586,869|
|Wolfe Clinic, P.C.||Healthcare Provider||527,378|
|Health Net of California||Health Plan||523,709|
|Bricker & Eckler LLP||Business Associate||420,532|
|Orthopedic Associates of Dutchess County||Healthcare Provider||331,376|
|Health Center Partners of Southern California||Business Associate||293,516|
|Total Health Care Inc.||Health Plan||221,454|
|Rehoboth McKinley Christian Health Care Services||Healthcare Provider||207,195|
|Woodcreek Provider Services LLC||Business Associate||207,000|
|Northwestern Memorial HealthCare||Healthcare Provider||201,197|
|Trusted Health Plans, Inc.||Health Plan||200,665|
|Roper St. Francis Healthcare||Healthcare Provider||189,761|
|Wyoming Department of Health||Health Plan||164,010|
|Apple Valley Clinic||Healthcare Provider||157,939|
|Five Rivers Health Centers||Healthcare Provider||155,748|
|HME Specialists, LLC dba Home Medical Equipment Holdco, LLC||Healthcare Provider||153,013|
|Health Aid of Ohio, Inc.||Healthcare Provider||141,149|
|SEIU 775 Benefits Group||Business Associate||140,000|
|Med-Data Incorporated||Business Associate||135,908|
|Saint Alphonsus Health System||Healthcare Provider||134,906|
|San Diego Family Care||Healthcare Provider||125,500|
|The Centers for Advanced Orthopaedics||Healthcare Provider||125,291|
|Cancer Treatment Centers of America at Midwestern Regional Medical Center||Healthcare Provider||104,808|
|BW Homecare Holdings, LLC d.b.a. Elara Caring||Healthcare Provider||100,487|
The increasing number of cyberattacks will be a great challenge to the healthcare sector and this is expected to continue to post-pandemic time. With the healthcare sector continuing to move toward a consumer-centered model where people can shop for healthcare products using an endless array of apps and services, more and more personal healthcare information is becoming at-risk because the apps and services require the input of personal data to function.
How Trend Micro can help
Use Trend Micro™ ID Security to find out if your information was leaked in a data leak.
Trend Micro ID Security includes:
- Email Checker: Monitors whether your email account has been involved in a leak
- Credit Card Checker: Finds out if someone has stolen your credit card number due to a leak
- Password Checker: Verifies if you have used a password currently in circulation on the dark web
- Dark Web Personal Data Monitor: Scans the dark web for sensitive personal data such as your bank account number, driver’s license data, social security number, and passport details
Scan the QR code below to download Trend Micro ID Security for Android/iOS now:
Or click the button for more information about Trend Micro ID Security: