HIPAA journal has revealed the latest Healthcare Data Breach report highlighting millions of compromised healthcare records. With healthcare data breaches at their highest, affecting California and New York the most, this article shares the report’s findings, summary, and the reason behind the sudden spike in targeting cyber-attacks against Healthcare Industry.
HIPAA Journal recently released the May 2022 Healthcare Data Breach report that reveals how critical patient data is also not safe from threat actors. With a 25% spike in healthcare data breaches in the month of May alone, data breaches in healthcare are currently at their highest since last June-July.
With healthcare data breach incidents in various states, New York, Indiana, California, and Missouri, to name a few, the report has highlighted hacking and IT incidents as the most widespread cause of healthcare data breaches, followed by unauthorized access and theft. But it does not stop there. Let us look deeply into all the key findings of the report.
With over 4.4 million health records breached in May 2022, the report shares the records affected, the largest healthcare data breaches of the month across different states. The breaches that exploited network servers, emails, e-records, and devices have affected millions of individuals.
HIPAA journal’s May 2022 Healthcare Data Breach report also shows how the carelessness and sub-par security of business associates, health plans, and healthcare providers lead to exposure to healthcare records. California has suffered the most number of breaches, followed by New York. Here are a few statistics from the report that highlight the seriousness of healthcare data exposure.
Healthcare Data Breach Report Key Statistics
The Healthcare Data Breach report by HIPAA journal revealed the following:
(Healthcare Records Breached from June 2021 to June 2022, Source: HIPAA Journal)
- May 2022 experienced 70 data breaches, involving at least 500 healthcare records in each one, the highest since June 2021, when it was 72.
- The medical records of 4,410,538 individuals were breached in May 2022, nearly twice that of the previous month when the number was 2,160,194.
- Out of 70, May 2022 experienced 53 healthcare data breaches due to hacking or IT incidents, 13 due to unauthorized access or disclosure, and 4 due to loss or theft.
- Threat actors exploited network servers in 31 cases, emails in 23, paper/films in 10, electronic medical records in 8, and PCs in 8 data breaches, with others listed for 1 healthcare data breach.
- The number of reported data breaches in May 2022 across the various states was 8 for California, 6 for New York, and 4 for Georgia, Missouri, and Ohio. With other states experiencing 1 to 3 reports of healthcare data breaches.
Are Your Medical Records Safe As Per the Healthcare Data Breach Report?
With various data breaches occurring in many states, there are chances that your medical data was also leaked. Compromised medical information is highly sensitive and can allow cybercriminals to acquire prescriptions and open new credit accounts in your name.
Sometimes your medical records also contain confidential information such as home addresses, insurance numbers, contact information, etc., that threat actors can exploit in various ways.
Here is an overview of the organizations sorted by the state that suffered data breaches in May 2022, showcasing how and where the breach occurred and the number of affected individuals.
California: California has the highest number of healthcare data breaches.
- Partnership HealthPlan of California with 854,913 affected individuals due to a ransomware attack.
- SAC Health System with 149,940 affected people due to a break-in at their storage facility.
- Alameda Health System with 90,000 affected individuals due to unauthorized email account access.
- Motion Picture Industry Health Plan with 16,838 affected consumers due to a mismailing incident, i.e., disclosure of healthcare information by sending it to wrong emails.
New York: New York saw its fair share of medical record data breaches.
- Heidell, Pittoni, Murphy & Bach, LLP, compromising 114,979 people after suffering a ransomware attack.
- Capsule affecting 27,486 individuals due to unauthorized user account access.
- Emblem Health Plan, Inc. affects 11,399 individuals on Health Plan due to unconfirmed reasons.
Georgia, Missouri & Ohio: There were significant healthcare record data breaches in these states as well.
- Parker-Hannifin Corporation Group Health Plans in Ohio, affecting 119,513 people due to loose cybersecurity, leading to hacking and data theft.
- AU Health in Georgia compromised 50,631 records due to the Eye Care Leaders hacking incident.
- Moyes Eye Center, PC, in Missouri is another organization that suffered from the Eye Care Leaders hacking incident, putting 38,000 records at risk.
- Allwell Behavioral Health Services in Ohio, affecting 29,972 records due to a hacking incident.
- Georgia’s Creative Hospice Care, Inc. dba Homestead Hospice & Palliative Care with 28,332 compromised patient records due to unauthorized email account access.
- Missouri’s Associated Ophthalmologists of Kansas City, PC, with 13,461 compromised patient records due to the Eye Care Leaders hacking incident.
Miscellaneous: These are the healthcare data breaches that occurred across all the other states.
- Alabama: Aesto, LLC d/b/a Aesto Health, affecting 17,400 after a hacking incident.
- Arizona: FPS Medical Center putting 28,024 medical records at risk after a ransomware attack.
- Colorado: Vail Health Services suffering a ransomware attack affecting 17,039 individuals.
- Connecticut: The Shoreline Eye Group affected 57,047 people due to the Eye Care Leaders hacking incident.
- Illinois: Aon PLC with 119,636 affected individuals due to hacking and data theft. And the Finkelstein Eye Associates affected 48,587 people after suffering the Eye Care Leaders hacking incident.
- Indiana: Schneck Medical Center affected 92,311 people due to a hacking incident.
- Kansas: Family Health Care, Inc affecting 33,619, suffering an unspecified hack.
- Massachusetts: The data breach at Shields Health Care Group, Inc. is the most significant one, putting 2 million medical records at risk after suffering a hack. Furthermore, Cornstar, LLC affected 68,957 due to an unspecified hack. And the Behavioral Health Partners of Metrowest, LLC affected 11,288 individuals due to a hacking and data theft incident.
- Michigan: Michigan’s McKenzie Health System affecting 25,318 healthcare records after a hacking incident.
- New Hampshire: NuLife Med, LLC suffered a hack that affected 81,244 individuals.
- New Jersey: Allaire Healthcare Group compromised 13,148 due to unauthorized access to user accounts.
- Oklahoma: Oklahoma City Indian Clinic compromised 38,239 individuals due to a ransomware attack. And the Bryan County Ambulance Authority affected 14,273 people due to a ransomware attack.
- Texas: The Val Verde Regional Medical Center with 86,562 compromised patient records after a ransomware attack.
The Reason Behind the Spike in Healthcare Data Breaches
As evident from the above data, cybersecurity is the main reason for such a significant amount of healthcare records being put at risk. Inadequate cybersecurity practices allow cybercriminals to deploy ransomware into organizational networks, hacking, and data theft via network services, emails, and administrative systems.
Cybercriminals target organizations where they can breach the systems efficiently, and it seems the healthcare industry provides just that these days.
Organizations, healthcare service providers, and health plan providers need to engage in efforts to improve security and minimize risk exposure. Simultaneously, individuals must also adopt cybersecurity best practices, such as strengthening their passwords and refraining from sharing critical information to keep their ends secure.
The latest Healthcare Data Breaches report by HIPAA journal has highlighted how vulnerable the industry is to cyber threats. With over 4.4 million records compromised in May 2022 alone, it is high time that organizations and healthcare service providers focused on their patients and invested in sophisticated phishing protection tools and technology to keep critical healthcare data safe from threat actors.