Nearly 3.5 million people had data exposed in healthcare breaches reported to the federal government last month.
That's up from 2 million people who had information compromised in data breaches reported in May.
Yet June had the lowest number of healthcare breaches reported in a single month since the start of 2019, with providers, health plans and their business associates reporting 29 data breaches to HHS' Office for Civil Rights, the agency that maintains the government's database of healthcare breaches. That's down 40% from the 49 data breaches reported to the OCR during May.
The vast majority of people affected in the data breaches reported in June, just under 3 million, had information exposed in a single incident at Dominion National, an insurer and administrator of dental and vision benefits in the Mid-Atlantic. The breach is the largest incident to be reported to the OCR this year.
Dominion National on June 21 notified the OCR that an unauthorized user may have accessed some of its computer servers. The unauthorized access, which Dominion National said it learned of April 24, may have begun as early as April 2010, according to an investigation the insurer is conducting with an unnamed cybersecurity firm.
The computer servers in question stored or were able to access enrollment and demographic data for current and former members of select plans, as well as people affiliated with organizations that Dominion National administers dental and vision benefits for. That could mean addresses, dates of birth, Social Security numbers and bank account numbers were exposed in the breach.
Hacking and IT incidents, like the one at Dominion National, accounted for 45% of the data breaches reported in June. The remaining breaches resulted from theft, loss, improper disposal, or unauthorized access or disclosure of patient records.
Absent from the OCR's breach portal to date are reports from a massive breach at billing collections vendor American Medical Collection Agency, which was publicly disclosed last month.