The biggest health data breaches in 2022

 Data breaches can be costly and damaging to the victims affected, and in 2022, the trend of data breaches in healthcare is expected to increase. From large companies like Eye Care Leaders and Shields Health Care Group to smaller companies like Practice Resources, LLC, there has been a rising number of healthcare data breaches over the past year. It is estimated that more than 17 million people were affected by medical data breaches in 2022 alone. What is the cause of these violations? Where do they occur?And what does 2022 look like in terms of medical data security? Sign up to learn more about this year's biggest data breaches!

In 2022, the risk of data breaches and leaks was high

In 2022, 4,100 data breaches were reported. It is reported that around 22 billion records were compromised in 2020. Security magazine predicts that the number of records viewed in 2022 could be up to five percent higher than this number.

Among these breaches and data leaks, multiple phishing, malware, and cyberattacks are among the top-read cybersecurity stories of the year. These included a data breach at Rockstar that exposed about 2 million customer records, an Uber leak that affected 57 million accounts, a Twitter hack that affected 33 million users, and a Revolut leak that affected 2.3 million customer insights.

It is clear that data breaches remain a major concern in today's digital world and companies need to take greater steps to protect their customers' sensitive information. Unfortunately, as technology advances, so do the techniques used by hackers, which means there is a constant battle between companies and criminals trying to gain access to our personal information.

This affects

OneTouchPoints and 2.6 million people

OnTouchPoint provided the Maine Attorney's Office with a revised data breach notification stating that the data breach, affecting 1,073,316 people, is larger than originally reported. 2,651,396 people were affected. According to OTP, the affected files contained names, member IDs, and health rating data. In late April, OTP identified encrypted files on some computer systems and launched an investigation to determine if an unauthorized person had accessed its servers.Because the individuals reported in this series of alerts are employees or former employees, OTP is issuing this alert as a reminder of the need for robust cybersecurity protocols to protect sensitive data and prevent data breaches.

This data breach underscores the need for cybersecurity and reminds us that our data is not always secure from potential risks. This incident should serve as a reminder for companies to be committed to protecting their data and making it more secure. Now let's take a look at the most common data breaches and leaks in 2022.

leading ophthalmologists and 2 million sufferers

On June 17, 2022, a security vulnerability was discovered by Eye Care Leaders in the myCare Integrity system that is believed to affect two million people across multiple organizations.Texas Technological University's Health Sciences Center (TTUHSC) was responsible for 1.3 million affected cases. According to the TTUHSC, the compromised databases may have contained patient names, phone numbers, addresses, email addresses, gender, dates of birth, driver's license numbers and health information. ECL's eye care services had access to her medical information and are now being sued for handling the incident.

This data breach is a stark reminder of the importance of developing and maintaining appropriate cybersecurity protocols to protect sensitive data.Businesses must take responsibility for their actions and ECL will face serious consequences in dealing with the aftermath of this incident.

Eye Care Leaders (ECL) is a leading provider of eye care products and services. Founded in 2011, ECL partners with eye care organizations to provide medical assessments and treatments, contact lenses, eyewear and more. Unfortunately, in June 2022, the company was hit by a massive data breach that exposed the personal data of more than two million people. Investigators assume that sensitive data such as names, addresses, telephone numbers, e-mails, gender, dates of birth, driver's license numbers and health insurance data could be accessed by patients.In addition, medical information related to eye care services could also have been compromised.

Shields Health Care Group has served two million people

On March 28, 2022, Shields Health Care Group noticed unusual activity on its network. The investigation revealed that an unidentified third party had access to the systems between March 7 and March 21, leading to the disclosure of the sensitive data of two million people. Shields suffered a data breach that exposed the full names, social security numbers, provider information, diagnoses, billing information and other details of about two dozen partnered patients at a Massachusetts facility. In response to this incident, Shields is evaluating its security measures to improve the protection of patient information.

The

Shields Health Care Group deeply regrets this unfortunate incident and the impact it has had on 2 million people.We are committed to continuing to protect patient data, and we take this very seriously. As the next step in our security efforts, Shields will work with Professional Finance Company to review existing protections and create more secure systems.

Professional Financial Company and 1.9 million prospects

In July, the Professional Finance Company (PFC), a credit servicing agency based in Greeley, Colorado, reported a ransomware attack to the Office of Civil Rights (OCR). The bug was discovered and fixed in late February, affecting 660 healthcare organization customers and approximately 2 million people.Personal information such as your name, outstanding balances, payment information, addresses, dates of birth, health insurance information, medical records, and social security numbers have been compromised.

After the incident, PFC took steps to improve network security by cleaning up and reconfiguring affected systems.

PFC is committed to providing its customers with the highest level of data security and works hard to ensure the security of its systems. The incident is a reminder of why it's important for organizations and individuals to remain vigilant in protecting personal information. Stay tuned for more of this story as we explore the impact of the Novant Health ransomware attack that affected 1,362,296 people.

 Health and 1.3 million people affected

In December 2022, Novant Health reported a data breach affecting 1.3 million patients. An invalid metapixel code, which may have led to unauthorized disclosure of PHI, was determined to be the cause of the crash. According to The Markup and STAT, hundreds of hospital websites on patient portals have abused Facebook parent company MetaPixel and risked sending data to Facebook when booking appointments.This led to a legal battle surrounding the counterfeiting incident.

Shields Health Care Group has served two million people

On March 28, 2022, Shields Health Care Group noticed unusual activity on its network. The investigation revealed that an unidentified third party had access to the systems between March 7 and March 21, leading to the disclosure of the sensitive data of two million people. Shields suffered a data breach that exposed the full names, social security numbers, provider information, diagnoses, billing information and other details of about two dozen partnered patients at a Massachusetts facility. In response to this incident, Shields is evaluating its security measures to improve the protection of patient information.

The Shields Health Care Group deeply regrets this unfortunate incident and the impact it has had on 2 million people.We are committed to continuing to protect patient data, and we take this very seriously. As the next step in our security efforts, Shields will work with Professional Finance Company to review existing protections and create more secure systems.

Professional Financial Company and 1.9 million prospects

In July, the Professional Finance Company (PFC), a credit servicing agency based in Greeley, Colorado, reported a ransomware attack to the Office of Civil Rights (OCR). The bug was discovered and fixed in late February, affecting 660 healthcare organization customers and approximately 2 million people.Personal information such as your name, outstanding balances, payment information, addresses, dates of birth, health insurance information, medical records, and social security numbers have been compromised.

After the incident, PFC took steps to improve network security by cleaning up and reconfiguring affected systems.

PFC is committed to providing its customers with the highest level of data security and works hard to ensure the security of its systems. The incident is a reminder of why it's important for organizations and individuals to remain vigilant in protecting personal information. Stay tuned for more of this story as we explore the impact of the Novant Health ransomware attack that affected 1,362,296 people.

Novant Health and 1.3 million people affected

In December 2022, Novant Health reported a data breach affecting 1.3 million patients. An invalid metapixel code, which may have led to unauthorized disclosure of PHI, was determined to be the cause of the crash. According to The Markup and STAT, hundreds of hospital websites on patient portals have abused Facebook parent company MetaPixel and risked sending data to Facebook when booking appointments.This led to a legal battle surrounding the counterfeiting incident.

The Novant Health

Data breach reminds us that millions of people's personal information could be at risk if companies don't adequately secure their systems. This is an example that should prompt companies to take a closer look at their own practices and ensure they are doing everything in their power to protect patient privacy. As the investigation into the Novant Health breach continues, it remains to be seen what further ramifications this incident will have. And in another major healthcare system blunder, Broward Health

Broward Health and the 1.3 million affected

In January 2022, Florida-based Broward Health sent out notifications to more than 1.3 million people about a health data breach. The notification was delayed at the request of the Justice Department, as it did not want to disrupt law enforcement's investigation. The unauthorized access to Broward Health's network was obtained through the office of an outside healthcare provider who disclosed personal and financial information, including social security numbers, phone numbers, dates of birth, addresses, address and email, financial account information, insurance information and account information numbers, medical record numbers, Driver's license numbers and medical information for the

people affected.To mitigate the breach and protect patient data, Broward Health conducted an enterprise-wide password reset and implemented multi-factor authentication.

This breach underscores the need for organizations to take proactive steps to protect confidential information. While the extent of the breach has yet to be determined, Broward Health has taken steps to protect the security of patient information and provide appropriate notification. Next Step: Baptist Medical Center Faces Similar Data Security Issue - Stay tuned for more!

Baptist Medical Center and 1st2 million people affected

On April 20, 2022, Baptist Medical Center, a subsidiary of Tenet Healthcare and part of the Baptist Health System, suffered a cyberattack that affected the personal information of 1,243,031 individuals. The unauthorized access to some systems included patient demographics, such as social security numbers, health insurance information, medical record numbers, diagnostic information, and benefit data. Information about billing and complaints has also been leaked.

Since then, Tenet Healthcare has taken steps to ensure similar incidents do not happen again in the future, tightening security measures and hardening systems accordingly. However, this does not repair the damage already done and has led to a lawsuit against Tenet Healthcare for alleged negligence in implementing technical safeguards to protect patient data.We'll see what happens with the Baptist Medical Center case, but it's an example of why all healthcare organizations need to take cybersecurity seriously and invest in the right safeguards.

It is clear that cyberattacks on healthcare organizations can be devastating and it is imperative that all organizations take proactive steps to protect patient information and data. The Baptist Medical Center case is a prime example of why this is so important, and the outcome of this process will remind all healthcare organizations to remain vigilant when it comes to cybersecurity. We now turn our attention to MCG Health, where another massive breach recently occurred, affecting 1.1 million people.

MCG Health and 1.1 million people

In March 2022, MCG Health suffered a large-scale data breach affecting 1.1 million individuals and eight client organizations. The violation included names, addresses, phone numbers, genders, dates of birth, medical codes, and social security numbers. The number of people affected was given as 793,283 according to the MCG health report for the Office for Civil Rights (OCR); A report filed with the Maine Attorney's Office found the total was 1.1 million. Separate notices were likely sent to law enforcement agencies that caused this discrepancy. The breach could have happened as early as February 2020 and is an alarming reminder of how sensitive our health data can be in an increasingly connected world.

The MCG Health Breach is a stark reminder of the risks of entrusting our sensitive health information to third parties. We need to take steps to better protect our privacy, both as individuals and as organizations.But first, let's look at Practice Resources LLC, which reported an even larger data breach that affected 942,128 people.

Practice Resources, LLC and 942.128 affected

Practice Resources, LLC (PRL) recently experienced a ransomware attack that affected over 942,000 people. The incident occurred in April and involved names, addresses, treatment dates, health plan numbers and medical record numbers. In response to the PRL attack, it quickly sought the help of outside experts to secure its systems and issued a statement saying it was "proactive in handling this information with care." After this event, PRL implemented a series of cybersecurity improvements to ensure the security of sensitive data. All affected healthcare organizations have been notified and are taking steps to protect their patient data from further harm.

PRL maintains the highest level of security and privacy for its patients and works to ensure that no one else experiences a similar event in the future and that all affected individuals are notified. As we continue to work hard on our cybersecurity initiatives, Partnership HealthPlan of California reported that 854,913 people were affected by this attack - read on to learn more about their response.

Partnership HealthPlan of California reached 854,913 people

In March 2022, Partnership HealthPlan of California (PHC) suffered a cyberattack by the notorious ransomware group Hive. This attack resulted in a complete shutdown of PHC systems and telephone networks with no expected recovery time. As of April 15, PHC has restored its website and issued a breach notice stating that the data of 854,913 individuals may have been affected.Potentially leaked data included patient names, medical record numbers, tribe identifiers, diagnoses, prescription information, treatment information, and health insurance information. After the attack, the injured person filed a complaint against PHC, claiming that they had not taken the necessary steps to prevent such an incident.

's attack on Partnership HealthPlan in California is a reminder that organizations must remain vigilant in defending their networks, especially against sophisticated threats like ransomware. Businesses must take all necessary measures to ensure the security and confidentiality of their customers' data, or risk facing the consequences. However, this won't be the last we hear of a cyberattack on patient records. Next step: Aurora Health Advocate and 3 million patients.

Advocate Aurora Health and 3 million sufferers

attorney Aurora Health recently revealed that 3 million pieces of personal information about her patients was inadvertently leaked to Google and Facebook due to the use of pixels on patient portals, websites, apps and scheduling tools. This data included IP addresses, session dates and times, proximity to Advocate Aurora Health locations, provider details, procedure types, MyChart notifications, insurance information, and attorney names.

Advocate Aurora has since removed or disabled the affected pixels and is currently evaluating the impact of its actions to reduce the risk of unauthorized disclosure. They are also actively defending against several class action lawsuits filed as a result of this security breach.

Advocate Aurora Health has taken initial steps to improve its security and patient privacy protocols, but the full impact of this breach is not yet clear.As the organization continues to work to restore patient confidence, it's important to note that another large-scale security breach involving Connexin has exposed information on 2.2 million patients - and there's a bigger story to come.

Connexin software and 2.2 million people

On August 26, Connexin Software, a provider of electronic medical record and pediatrician management software, discovered an anomaly in its network. Further investigation revealed that an unauthorized user had accessed offline data used for conversion and troubleshooting, resulting in a 2nd2 million patients from 119 provider practices.

Connection reported that the stolen data included names, contact information, social security numbers, names of guarantors, names of parents or guardians, dates of birth, health insurance information, treatments and procedures, diagnoses, prescriptions, medical records and bills, and/or request details. They also noted that their operational EMR system was unaffected by the incident and explained why there was a delay in notifying patients and their families.

Connexin must take steps to protect offline data and ensure patients and their families are informed in a timely manner. This incident highlights that computer systems and networks can be vulnerable, as demonstrated by the recent leaked data breach in 8 community health networks affecting 1.5 million users.

Community health networks and 1.5 million people reached

In 2022, the Community Health Network (CHN) reported one of the largest health data breaches to date, of which approximately 1.5 million users. CHN has integrated a tracking tool called Pixel to facilitate better access to critical care service details and to regulate patient websites. However, they found that Pixel inadvertently collected user information and shared it with tech companies Meta and Google for marketing purposes. The organization immediately removed or disabled the pixels from their affected platforms and launched an investigation into the violation. The breach has since been reclassified as a HIPAA violation due to a lack of protection of user privacy, with severe consequences for CHN.This incident underscores the importance of proper security measures when handling sensitive health information and the need to educate organizations about the potential risks associated with the use of new technologies.

As a result of this breach, it is clear that organizations need to take a more proactive approach to data security to protect user information. In the following section, we will see how Novant Health takes steps to ensure the privacy and security of its patients' data.

Novant Health and 1.3 million people affected

Novant Health has identified a potential misconfiguration of the metapixel code that may have led to unauthorized disclosure of PHI.Once the problem was identified, the pixel was removed and an investigation conducted. This investigation determined that some personally identifiable information may have been shared with Meta based on an individual's activity on the Novant Health website and patient portal. As a safety precaution, Novant Health has sent letters to all potentially affected patients, including patients registered with medically independent websites and institutions affiliated with MyChart registries. The data breach affected a total of 1,362,296 people. Novant Health encourages patients to be aware of the protection of their personal health information as there is currently no evidence that Meta or other.

Novant Health takes the security of its patient information very seriously and is committed to protecting all information. As we continue to work to improve security, it's important to be aware of the potential risks of data breaches.

excerpt

The number of healthcare data breaches continues to increase, posing a serious threat to patient privacy and security. Organizations must take proactive steps to protect patient data and ensure they are aware of the potential risks associated with the use of new technologies. A firewall (WAF) is an important solution that enables organizations to detect and prevent malicious activity while protecting user data.By implementing these measures, organizations can prevent the devastating consequences of data breaches and protect user information.

In addition, organizations should ensure that they are aware of the potential risks associated with the use of new technologies and take steps to mitigate them. Organizations should also regularly review and update their security policies to protect user data from potential security breaches.

By taking these preventative steps, organizations can better protect their users' information and prevent the devastating consequences of health data breaches.

We recommend that you at least use the free online WAF testing tool to find out how secure your company is.

For innovative healthcare organizations that want to deliver the best patient experience and need to ensure the protection of patient information (PII) while meeting HIPAA compliance requirements, we recommend using Wallarm's solution - HIPPA Compliance For Healthcare