Recent Healthcare Data Breaches as of September 6, 2021

During holiday weekends, like Labor Day, there tends to be an increase in ransomware attacks, the FBI and the Cybersecurity and Infrastructure Security Agency warned. The agencies noted that these attacks have increasingly been taking place during holiday weekends, such as Mother’s Day weekend, Memorial Day weekend, and the Fourth of July weekend.

From January 1 to July 31, 2021, there were 2,084 ransomware complaints, a 62% increase over the same time period a year earlier, and more than $16.8 million in losses, a 20% increase from the previous year.

In general, healthcare data breaches are on the rise, according to the 2021 Identity Breach Report. Compared with 2019, healthcare experienced a 51% increase in the total volume of records exposed.

Here is a look at some recent healthcare data breaches:

DuPage Medical Group. In August, the Illinois-based physician group notified 600,000 patients that their personal health information was exposed when the computer network was hacked in July, according to the Chicago Sun-Times.

Metro Infectious Disease Consultants. A breach of employee email accounts at the physician group that includes more than 100 infectious disease physicians in the Chicago area may have exposed data for 171,740 patients. The incidence was detected June 24. Patients’ names, birth dates, Social Security numbers, medical data, and more may have been accessed.

Eskenazi Health. After a ransomware attack on its network, the Indianapolis-based hospital is notifying patients that some stolen data is being posted online. The attack happened on August 4, although the hospital did not reveal how many patients were affected.

Revere Health. After an email account of an employee at the Utah-based physician group was breached in June, about 12,000 medical records were exposed. Medical record numbers, birth dates, procedures, and provider and insurance provider names were all exposed, although they were not shared online.

Atlanta Allergy & Asthma. Almost 10,000 patients were informed in early August that a cyberattack in January had exposed names, Social Security numbers, birth dates, financial account numbers, diagnoses, and more. Since the attack, there have been no reports of fraud or use of the personal health information.

University Medical Center. The Las Vegas-based hospital reported to HHS that 1.3 million people were affected by a cyberattack. Personal data obtained in the attack was posted online. The attack took place in mid-June.

St. Joseph’s/Candler. The Savannah-based hospital reported that 1.4 million individuals were affected by a data breach that occurred in June. However, while the activity was discovered June 17, the hacker had initially accessed the network as early as December 18, 2020. Names, Social Security numbers, addresses, financial details, and more were exposed.

University of New Mexico Health. The health system, based in Albuquerque, notified 637,252 patients that they may have been affected by the attack. The breach was discovered June 4, but the files were accessed May 2. The files contained patient names, addresses, medical record numbers, and more. Some Social Security numbers were exposed.