Skip to main content
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Digital Health
    • Transformation
    • ESG
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • Newsletters
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Cybersecurity
July 16, 2021 12:45 PM

First half of 2021 marks record high for healthcare data breaches

Jessica Kim Cohen
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    A close-up of a person using a laptop.
    Getty Images

    Healthcare providers, insurers and their business associates have already reported 360 data breaches to the federal government in the first half of 2021—outpacing the same period for all previous years.

    Those 360 breaches exposed data on nearly 23 million patients, according to data from HHS' Office for Civil Rights, which began maintaining a database of healthcare data breaches in 2010. Last year, organizations reported 270 breaches of 8 million patients' data in the first six months of the year; in 2019, around 230 breaches that exposed data on 11.2 million patients.

    Not all of those breaches represent hacks against an organization, noted Michael Hamilton, chief information security officer at cybersecurity consulting firm Critical Insight.

    Breaches attributed to "hacking/IT incidents" accounted for roughly 70% of reports so far this year, which can include intrusions from hackers, as well as incidents in which an IT system is configured in a way that accidentally exposes data. The remaining breaches in the first half of the year resulted from theft, loss, improper disposal and unauthorized access or disclosure.

    That isn't to say hacks aren't a problem in healthcare, Hamilton said. A second-quarter report from the not-for-profit Identity Theft Resource Center found that incidents where data were actually compromised by hackers were up 38% quarter-over-quarter across all industries.

    Healthcare ranked as the No. 1 industry for data compromise in the report, with 162 incidents reported in the first half of 2021.

    Five data breaches reported to OCR in the first half of 2021 compromised data on more than 1 million patients each.

    The largest breach reported involved a hack at a vendor that worked with insurer Florida Healthy Kids Corp. The hack took place on the company's web hosting platform, according to the insurer, which could have exposed information on an estimated 3.5 million people who applied for or were enrolled in the insurer's coverage from November 2013 until December 2020.

    Florida Healthy Kids, which reported the incident in January, said it was notified about the breach in December.

    HHS gives HIPAA-covered entities 60 days from when they discover a data breach to notify the department, so some of the incidents reported to OCR so far this year were discovered in late 2020 and may have taken place even earlier.

    The insurer said the street addresses of a several thousand people—a subset of the 3.5 million people reported to OCR—who applied for the insurer's Florida KidCare coverage online had been "inappropriately accessed and tampered with" by hackers. Other information seemingly hadn't been altered.

    Florida Healthy Kids marks one of the latest examples of a healthcare organization having to notify patients of data exposure after a breach at a third-party company. Kroger Co. since February has notified thousands of patients who shared data with the company's healthcare arm about a massive breach at Accellion, a company it contracted with for file transfer services.

    Many organizations also reported hacks against their own systems, including major breaches at 20/20 Eye Care Network, CaptureRx and American Anesthesiology. In some cases, hackers not only accessed, but actually removed data from organizations' systems.

    Hamilton warned of a newer trend in ransomware, in which hackers won't encrypt data or a hospital's network while demanding money in exchange for a decryption key—instead, hackers are increasingly removing patient records from a hospital's system and threatening to publicly release or sell them if the organization doesn't pay.

    The American Hospital Association in the spring called on the federal government to play a bigger role in responding to ransomware attacks against the healthcare industry, urging for a "coordinated campaign" against ransomware gangs, many of which operate outside of the U.S.

    Steps like implementing multi-factor authentication, monitoring what devices are connected to an organizations's network, restricting sites employees can use on company computers—like personal email or Facebook, both avenues where hackers can send phishing messages—and regularly backing up data can help hospitals protect themselves against breaches.

    Given the prevalence of ransomware and other cyberattacks, hospitals and their staffers should be prepared and taking preventive measures, even if they haven't been hit by malware in the past, said Maya Levine, technical marketing engineer for cloud security at cybersecurity company Check Point Software Technologies.

    "Operate under the assumption that 'we will have a ransomware attack at some point,'" she said. "Ransomware attacks are disruptive for every industry," but in healthcare, "people's lives are … at stake."

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    cybersecurity
    Health insurance data breach exposes Congressional members' personal info
    cybersecurity-data-hacking_2_i.png
    Following alleged cyberattack, Tallahassee Memorial resumes some services
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Digital Health
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • ESG
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • Newsletters
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Jobs
      • People on the Move
      • Reprints & Licensing