We’re shedding some light on the top 5 healthcare data breaches of all time. You probably don’t need us to tell you how important HIPAA compliance is. You know that breaches can put your patients at risk and be catastrophic for your wallet. You read about data breaches in the news nearly every day. Yet we still often hear business owners say “I’m too small, no one cares about stealing my data” or “My data isn’t that important, no one wants it”. Just because your practice may not have millions of records doesn’t mean you’re in the clear. Unfortunately, hackers aren’t very picky and someone will always pay good money for your data.
1. Anthem Blue Cross
Impacted: 78.8M
Type of breach: Hacking/IT incident
Location of breach: Network server
Business associate present? No
In 2018, Anthem Inc., one of the largest US health insurance companies, agreed to pay $115M for the 2015 breach that jeopardized over 78M accounts. Although credit card and medical information were not among the breached personal information, the following PII was compromised: names, birthdays, social security numbers, addresses, email addresses, income, and employment details.
This is the largest data breach settlement to date, and over 100 lawsuits were brought before the court. The money will be put toward two years of credit monitoring for those impacted by the breach, which includes both current and former Anthem/Blue Cross Blue Shield customers. Victims who are already enrolled in credit monitoring may be able to receive a small cash payout instead.
2. Premera Blue Cross
Impacted: >11M
Type of breach: Hacking/IT incident
Location of breach: Network server
Business associate present? No
With over a million members, Premera is one of the largest health insurance providers in the Pacific Northwest. This breach, discovered in January 2015, included medical records, bank account information, social security numbers, and dates of birth. The attack, which occurred in May 2014, impacted Alaskan Premera Blue Cross and Premera Blue Cross Blue Shield members, as well as Vivacity, Connexion, and Washington/Alaska Blue Cross Blue Shield customers. Premera offered free credit monitoring and identity theft protection for two years. It is believed that this sophisticated attack, as well as the Anthem attack, may have been state-sponsored.
3. Excellus Blue Cross Blue Shield
Impacted: >10M
Type of breach: Hacking/IT incident
Location of breach: Network server
Business associate present? No
Twenty fifteen was not a good year for health insurance companies. Excellus Blue Cross Blue Shield announced a major breach in August of that year. The breach, which occurred over a year prior to the announcement, impacted not only Excellus members but also some within the BCBS partner network. It exposed names, birth dates, social security numbers, mailing addresses, phone numbers, and a small number of financial details. Excellus’ data was encrypted, but it is likely that these advanced hackers were able to circumvent that safeguard.
4. SAIC/TRICARE
Impacted: 4.9M
Type of breach: Loss
Location of breach: Stolen backup tapes
Business associate present? Yes
The TRICARE health program provides healthcare to retired and active-duty troops and their families. In 2011, just under 5M patients in the San Antonio area found that their information may have been stolen, literally. Backup tapes were taken from the car of an employee of TRICARE’s business associate, Science Applications International Corporation (SAIC). Information on these tapes ranged from social security numbers, names, and addresses to phone numbers and medical data for members from 1992 – 2011.
5. University of California, Los Angeles Health
Impacted: 4.5M
Type of breach: Hacking/IT incident
Location of breach: Network server
Business associate present? No
In 2015, UCLA Health confirmed that they experienced a data breach in fall 2014. Compromised information included test results, diagnoses, medications, procedures, social security numbers, dates of birth, and addresses – none of which were encrypted. UCLA Health offered a free year of credit monitoring and $1M insurance reimbursement policies to those impacted.