Channel: Healthcare IT News - Electronic Health Records (EHR, EMR)

The biggest healthcare breaches of 2017 (so far)

Healthcare proved itself a lucrative target for hackers in 2016, and so far 2017 is, unfortunately, following suit. From organizations with exposed, unused websites to unencrypted storage drives, health organizations appear to still have much to learn about security.

This gallery highlights some of the biggest breaches across the industry – and points to some mistakes to avoid in the future.

Updated June 26, 2017

Airway Oxygen

Michigan-based Airway Oxygen was hit by a ransomware attack in April that may have compromised the data of 500,000 clients, the home medical equipment supplier reported to the U.S. Department of Health and Human Services on June 23. The hacker gained access to the network and installed ransomware, which shut employees out of the system where personal health information was stored.

Data has been dumped from two healthcare providers in a game the hacker, TheDarkOverlord, is calling: “A Business a Day.” The hacker leaked 6,000 patient records on June 8 from Feinstein & Roe MDs in Los Angeles and 6,300 patient records from La Quinta Center for Cosmetic Dentistry on June 9.

A hard drive containing the personal data of about 1 million people was stolen from Washington State University in April. The University discovered that a locked safe containing the hard drive had been stolen from a WSU storage unit in Olympia. The stolen data is from survey participants and contained names, Social Security numbers and, for some, personal health data.

California-based Torrance Memorial Medical Center notified patients that two email accounts containing work-related reports were hit by a phishing attack in April. Officials didn’t reveal how many patients were affected, and the incident is not on the Office of Civil Rights’ breach reporting site.

Molina Healthcare

Molina Healthcare, a major Medicaid and Affordable Care Act insurer, shut down its patient portal on May 26 in response to a security flaw that exposed patient medical claims data without requiring authentication, according to security researcher Ben Krebs. At the time, it was unclear how long the vulnerability had been in place. Ben Krebs was first made aware of the security flaw in April through an anonymous tip. The flaw could allow any Molina patient to access other patients’ medical claims by simply changing a single number in the URL.

National Health Service in England and Scotland

The National Health Service in England and Scotland was hit on May 12 by a large ransomware attack that affected at least 16 of its organizations. The organization launched an investigation and determined the ransomware is likely the Wanna Decryptor. It’s one of the most effective ransomware variants on the dark web, and at the moment, there is no decryptor available. Within two days, 150 countries were affected by the #wannacry ransomware.

New Jersey Diamond Institute

The third-party server that hosts the electronic health records of New Jersey Diamond Institute for Fertility and Menopause was hacked by an unauthorized individual, exposing protected health information of 14,633 patients.

The database and EHR system were encrypted, which prevented the hackers from gaining access, officials said. However, many supporting documents stored on the hacked server were left unencrypted and could have been accessed.

Harrisburg Gastroenterology

Pennsylvania-based Harrisburg Gastroenterology is notifying patients that their records might have been breached. The Health and Human Services Department’s Office for Civil Rights’ Wall of Shame lists the breach at 93,323 records on a network server exposed because of a hacking/IT incident.

Bronx-Lebanon Hospital Center

Tens of thousands, and possibly up to millions, of patient records at Bronx-Lebanon Hospital Center in New York City were exposed in a recent data breach, according to the Kromtech Security Research Center, which uncovered the records on May 3. The records were part of a backup managed by iHealth Innovations, the research center said.

Aesthetic Dentistry and OC Gastrocare

Dark Web hacker TheDarkOverlord has released 180,000 patient records from three hacks, DataBreaches.net revealed May 4. More than 3,400 patient records were released from New York City-based Aesthetic Dentistry, 34,100 from California’s OC Gastrocare and 142,000 from Tampa Bay Surgery Center. TDO used a Twitter account to post a link to a site that allows any user to download the patient databases from these organizations.

Children health records

The patient records of about 500,000 children are up for grabs on the dark web, a hacker named Skyscraper told DataBreaches.net on April 26. These records contain both child and parent names, Social Security numbers, phone numbers and addresses. DataBreaches didn’t name the breached organizations but also said that another 200,000 records were stolen from elementary schools. The number of breached records for pediatricians reported to the Department of Health and Human Services’ Office of Civil Rights is not equal to that number, meaning many of these providers are likely unaware their data has been exposed.

Lifespan

Providence-based Lifespan, Rhode Island's largest health network, has notified about 20,000 of its patients that a laptop theft may have exposed their sensitive information. The health organization said an employee's MacBook was taken after a car break-in on Feb. 25. The employee immediately contacted both law enforcement and Lifespan officials, who were able to change the employee’s credentials used to access Lifespan system resources.

HealthNow Networks

The personal health data of 918,000 seniors was posted online for months, after a software developer working for HealthNow Networks uploaded a backup database to the internet, an investigation by ZDNet and DataBreaches.net found. Boca Raton, Florida-based HealthNow Networks is a telemarketing company that used to provide medical supplies to mostly seniors who rely on diabetic equipment. However, it’s no longer a registered business as of 2015, when it failed to file an annual report with Florida authorities. The software developer was contracted to build a customer database for HealthNow Networks, but the developer told researchers it was "too much work."

ABCD Children's Pediatrics

A ransomware attack at San Antonio-based ABCD Children’s Pediatrics may have breached the data of 55,447 patients. Affected files may have included patient names, Social Security numbers, insurance billing information, dates of birth, medical records, laboratory results, procedure technology codes, demographic data, address and telephone numbers. Investigators determined it was the Dharma virus, a variant of the Crisis ransomware family. While this virus doesn’t typically exfiltrate data, the provider was unable to rule it out, officials said.

Washington University School of Medicine

A Washington University School of Medicine employee fell victim to a phishing attack that may have compromised 80,270 patient records. The medical school learned of the incident on Jan. 24 -- seven weeks after the phishing attack occurred on Dec. 2, officials said in a statement. The employee responded to a phishing email designed to look like a legitimate request. As a result, an unauthorized party may have gained access to employee email accounts that contained patient data.

Metropolitan Urology Group

This Milwaukee-based provider began notifying patients that a November ransomware attack may have exposed their personal data. There were 17,634 patients affected, according to the U.S. Department of Health and Human Services' Office for Civil Rights. Two of Metropolitan Urology’s servers were infected by the virus, which may have exposed data of patients between 2003 and 2010. Officials said the data contained names, patient account numbers, provider identification, medical procedure codes and data of the provided services. About 5 percent of these patients had their Social Security numbers exposed.

Denton Heart Group

An unencrypted hard drive that contained seven years of backup electronic health record data was stolen from the Denton Heart Group, a member of the HealthTexas Provider Network. The backup files contained a hoard of patient data from 2009 until 2016: names, Social Security numbers, dates of birth, addresses, phone numbers, driver's license numbers, medical record numbers, insurance provider and policy details, physician names, clinic account numbers, medical history, medications, lab results and other clinical data.

Brand New Day

In March, the Medicare-approved health plan notified 14,005 patients of a potential breach of electronic protected health information after an unauthorized access through a third-party vendor system. On Dec. 28, Brand New Day discovered that an unauthorized user had accessed the ePHI provided to one of its HIPAA business associates on Dec. 22. The access occurred through a vendor system used by a contracted provider, officials said.

Singh and Arora Oncology Hematology

In February, the Flint, Michigan, cancer center notified 22,000 patients of a breach discovered in August 2016. Hackers had access to the practice's server between February and July of 2016, local affiliate ABC12 reported. The files contained names, Social Security numbers, addresses, phone numbers, dates of birth, CPT codes and insurance information.

Verity Medical Foundation-San Jose Medical Group

The website of Verity Medical Foundation-San Jose Medical Group, part of the Verity Health System in Redwood City, California, was hacked, exposing the data of 10,164 patients. Verity includes six California hospitals, the Verity Medical Foundation and Verity Physician Network. An unauthorized user hacked into the website from October 2015 until it was discovered by Verity Health on January 6. The website was no longer in use.

CoPilot Provider Support Services

More than a year after discovering a potential breach to its websites, healthcare administrative services and IT provider CoPilot Provider Support Services notified 220,000 patients and doctors who used its service. An unauthorized user breached one of CoPilot's databases, used by both healthcare providers and patients, in October 2015, according to officials. The hacker downloaded files that contained names, dates of birth, addresses, phone numbers, health insurers and the Social Security numbers of some users. No financial, medical treatment or other information was accessed.

Indiana-based Cancer Services

The server and back-up drive of Muncie, Indiana-based Cancer Services of East Central Indiana-Little Red Door were hacked and the data stripped, encrypted and taken for ransom by the cybercriminal organization TheDarkOverlord, or TDO, the agency revealed Jan. 18. The hack took place on Jan. 11. TDO asked for 50 bitcoin, or about $43,000, in ransom, first in a text message to the personal cellphones of the company’s executive director, president and vice president. Officials said TDO followed up in a form letter and several emails that contained extortion threats and promises to contact family members of the cancer patients, donors and community partners.

Emory Healthcare

Atlanta-based Emory Healthcare was hacked by the Harak1r1 the 0.2 Bitcoin Ransomware, MacKeeper security researcher Chris Vickery discovered on Jan. 3. On Dec. 30, MacKeeper Security Research Center discovered a misconfigured MongoDB database that contained data from over 200,000 patients and other sensitive information. On Jan. 3, the firm confirmed this data was linked to Emory Brain Health Center. It appeared Harak1r1 wiped a database of the Brain Health Center and blocked access to these records, Vickery said.

Potomac Healthcare

Subcontractor Potomac Healthcare exposed more than 11 gigabytes of sensitive data for health workers employed by the U.S. military's Special Operations Command, or SOCOM, according to security researcher Chris Vickery. Potomac Healthcare is a Department of Defense subcontractor, which provides health workers to the government through management consulting firm Booz Allen Hamilton. Vickery, a white hat hacker with MacKeeper, discovered the flaw in an unprotected remote synchronization service and brought the information to the attention of Potomac Health via both phone and email, he said, but after an hour the data remained online.
