Skip to main content
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Digital Health
    • Transformation
    • ESG
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • Newsletters
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Technology
February 10, 2015 12:00 AM

Big healthcare breaches affected millions before Anthem's hack

Nia Williams
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    Insurance giant Anthem reported last week that unidentified hackers had managed to infiltrate a database containing personal information on as many as 80 million customers and employees. The hack is the largest healthcare breach yet and highlights the importance of multifaceted cybersecurity measures for protecting sensitive patient data.

    Even though the Anthem breach dwarfs the rest, HHS has recorded 10 more that affected at least 1 million people. The department's Office for Civil Rights requires disclosure for data breaches affecting more than 500 individuals and posts the information on its website, which now has more than 1,100 entries. Excluding the Anthem hack, which is not yet listed, the 10 largest ones combined exposed the protected data of 23.4 million patients.

    1. In 2011, military health system Tricare reported that records for 4.9 million patients were breached when a contractor for the system's insurance carrier, Tricare Management Activity, lost backup tapes used to store electronic health-record data for patients in the San Antonio area. The contractor, Science Applications International Corp. (now Leidos), said the tapes were stolen from the car of an employee transporting them to an off-site storage facility. The breach sparked a $4.9 billion class-action lawsuit. All but two of the cases were dismissed in 2014.

    2. Franklin, Tenn.-based Community Health Systems, an investor-owned company that operates 206 hospitals in 29 states, reported a breach affecting over 4.5 million patients in August 2014. The breach was the result of a cyberattack that cybersecurity experts believe exploited a software bug, Heartbleed, discovered in 2014. The attack was traced to China. Officials believe the hackers were seeking intellectual property on medical devices but instead made off with nonmedical protected patient data including Social Security numbers, names, addresses and dates of birth.

    3. Advocate Health Care, Downers Grove, Ill., reported the theft of four computers from one of its physician groups in August 2013. The computers contained the unencrypted medical records of over 4 million patients. It was not Advocate's first breach. In 2009, a thief stole an unencrypted laptop holding data on 812 patients. The health system said the encryption protocol established after the 2009 theft had not yet been deployed in the offices affected in the 2013 theft.

    4. The Texas Health and Human Services Commission sued Xerox Corp. in May 2014, alleging Xerox had jeopardized the protected health data of nearly 2 million Texas Medicaid patients by refusing to hand over patient records after the state terminated its contract with Xerox's Medicaid claims administration unit. Xerox also copied and removed patient data and allowed other vendors and its lawyers to access it. The state said Xerox's actions put the state out of compliance with federal HIPAA regulations.

    5. Insurer Health Net, Rancho Cordova, Calif., reported in March 2011 that protected health data for 1.9 million past and current customers had been compromised when its IT vendor, IBM Corp., lost drives containing the data.

    6. In February 2011, New York City Health and Hospitals Corp. sued its data storage and transport vendor, GRM Management Information Services, saying the vendor was responsible for the breach of 1.7 million patients' and employees' data when drives containing the data were left in an unlocked van.

    7. Gainesville, Fla.-based insurer AvMed reported 1.2 million members' data was compromised when two laptops were stolen from the company's headquarters in December 2009. Affected members brought a class-action lawsuit which was reportedly later settled for $3 million.

    8. In May 2014, IT employees at Montana's Department of Public Health and Human Services discovered malware on a server containing protected health information of nearly 1.1 million current, former, and deceased state residents. The agency said it expected its cyber liability insurance would cover costs associated with the hacking incident.

    9. Nemours, a healthcare system based in Wilmington, Del., lost a storage cabinet containing unencrypted backup tapes bearing patient billing and employee payroll data for over 1.6 million individuals. The HHS website reports nearly 1.1 million individuals' protected health data was potentially compromised. The cabinet was lost in the course of remodeling.

    10. Insurer Blue Cross and Blue Shield of Tennessee disclosed a breach affecting more than 1 million members after 57 hard drives containing patient data were removed from the insurer's servers located in a Chattanooga office. The breach resulted in HHS' first enforcement action for a self-reported incident. The health plan paid $1.5 million in penalties.

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    Chat-GPT-healthcare-2.png
    Why Boston Children's wants to hire a ChatGPT expert
    Screen Shot 2018-12-19 at 1.36.49 PM.png
    GE HealthCare stock drops despite revenue growth
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Digital Health
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • ESG
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • Newsletters
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Jobs
      • People on the Move
      • Reprints & Licensing