Healthcare data breaches
Healthcare data breaches can result from hacking, data theft, loss or unauthorized access. Whatever the cause, these breaches can potentially jeopardize patient privacy by exposing protected health information. Understanding the latest data breach patterns can help healthcare organizations mitigate risk.
Top Stories
-
News
07 Nov 2024
Kaiser Permanente reports email data breach
Recent healthcare cybersecurity incidents include an email data breach that affected Kaiser Permanente and a ransomware attack against a small rural healthcare provider. Continue Reading
-
News
17 Oct 2024
BianLian cyberattack hits Boston Children's Health Physicians
BianLian cyberthreat actors claimed responsibility for a cyberattack and data breach that affected Boston Children's Health Physicians through its IT vendor. Continue Reading
-
News
03 Oct 2024
Weiser Memorial Hospital investigates potential data breach
Idaho-based Weiser Memorial Hospital is investigating a potential data breach after cyberthreat actors claimed to be in possession of the hospital's data. Continue Reading
-
News
25 Sep 2024
Elitecare Emergency Hospital suffers healthcare data breach
Elitecare Emergency Hospital in Texas suffered a healthcare data breach that affected more than 24,000 individuals. Continue Reading
-
News
18 Sep 2024
Atrium Health alerts patients to phishing scheme, data breach
A phishing scheme used against Atrium Health caused one of several healthcare data breaches reported in September. Continue Reading
-
News
10 Sep 2024
CMS notifies 946K individuals of third-party data breach
The personally identifiable information of nearly one million Medicare beneficiaries was affected by a third-party data breach at CMS. Continue Reading
-
News
06 Sep 2024
RansomHub claims Planned Parenthood cyberattack
RansomHub listed Planned Parenthood of Montana on its leak site following a cyberattack. Continue Reading
-
News
28 Aug 2024
Medical insurance info of 954K affected by vendor data breach
A software vendor data breach at Young Consulting affected covered entities and potentially compromised the medical insurance information of more than 950,000 individuals. Continue Reading
-
News
27 Aug 2024
Atlantic General reaches $2.25M data breach settlement
Atlantic General Hospital reached a data breach settlement over a January 2023 hack. Continue Reading
-
News
20 Aug 2024
Alabama Cardiovascular Group suffers healthcare data breach
A healthcare data breach at Alabama Cardiovascular Group affected upwards of 280,000 individuals after an unauthorized party maintained network access for nearly a month. Continue Reading
-
Feature
16 Aug 2024
Understanding healthcare data breach lawsuit trends
Lawsuits often follow a healthcare data breach, but understanding what drives litigation trends can help healthcare organizations prepare. Continue Reading
-
News
09 Aug 2024
Latest healthcare cyberattacks highlight operational risks
Recent cyberattacks against OneBlood and McLaren Health Care shed light on the operational challenges that targeted organizations face. Continue Reading
-
News
30 Jul 2024
Average cost of a healthcare data breach sits at $9.77M
Healthcare data breach costs fell by 10.6% in 2024 but remain higher than in any other industry, IBM found in its yearly report. Continue Reading
-
News
25 Jul 2024
Pharmacy group sues UHG over Change Healthcare data breach
The National Community Pharmacists Association and dozens of providers sued UnitedHealth Group and its subsidiaries over losses suffered due to the Change Healthcare data breach. Continue Reading
-
News
10 Jul 2024
Change Healthcare publishes data breach notice
Change Healthcare has begun mailing data breach notification letters to affected individuals. Continue Reading
-
News
09 Jul 2024
HSA administrator discloses healthcare data breach
In an SEC filing, HealthEquity disclosed a healthcare data breach that stemmed from unauthorized access to a business partner’s user account. Continue Reading
-
News
03 Jul 2024
6M affected by data breach at life insurance software vendor
The data of more than six million individuals was jeopardized when Infosys McCamish Systems suffered a ransomware attack last Fall. Continue Reading
-
News
21 Jun 2024
Change Healthcare begins data breach notification process
Change Healthcare is continuing to conduct its data review and will begin mailing breach notifications to individual cyberattack victims in late July. Continue Reading
-
News
11 Jun 2024
Eye care company suffers 377K-record data breach
Panorama Eyecare notified more than 377,000 individuals of a data breach, more than a year after LockBit posted the company on its leak site. Continue Reading
-
News
03 Jun 2024
OCR clarifies Change Healthcare breach reporting requirements for covered entities
OCR updated its FAQ webpage and affirmed that covered entities may delegate breach notification responsibilities to Change Healthcare. Continue Reading
-
News
31 May 2024
Sav-Rx data breach affects 2.8M individuals
Pharmacy benefit management company Sav-Rx suffered a cyberattack and data breach in October 2023. Continue Reading
-
News
23 May 2024
CentroMed suffers second healthcare data breach
An unauthorized party accessed and acquired files pertaining to current and former CentroMed patients, resulting in a healthcare data breach. Continue Reading
-
News
20 May 2024
WebTPA healthcare data breach affects 2.4M individuals
WebTPA, a third-party administrator that processes health plan claims, notified millions of individuals of a healthcare data breach that occurred one year ago. Continue Reading
-
News
15 May 2024
Patient data stolen in DocGo cyberattack
DocGo told the SEC that data was accessed and acquired during a cyberattack against its U.S.-based ambulance service. Continue Reading
-
News
26 Apr 2024
Kaiser notifies 13.4M individuals of data breach
Kaiser Foundation Health Plan is notifying millions of individuals that their data may have been disclosed to third parties due to the company’s use of tracking tech. Continue Reading
-
News
10 Apr 2024
Wisconsin health cooperative suffers 533K-record breach
Several other healthcare entities have reported healthcare data breaches to HHS in recent weeks, with most stemming from hacking. Continue Reading
-
News
03 Apr 2024
MFA bypass results in breach at LA County Department of Mental Health
Threat actors were able to gain access to two Microsoft Office 365 accounts by bypassing MFA requirements. Continue Reading
-
News
14 Mar 2024
Healthcare data breaches are piling up 3 months into the year
Individuals impacted by these healthcare data breaches at hospitals and other entities are encouraged to monitor account statements and credit reports for suspicious activity. Continue Reading
-
News
31 Jan 2024
Insurance Broker Data Breach Impacts 1.5M Individuals
Keenan & Associates suffered a data breach in August 2023 that potentially exposed some client health information. Continue Reading
-
News
30 Jan 2024
PJ&A Data Breach Fallout Continues, 4M Additional Individuals Impacted
Concentra Health Services reported a nearly 4 million-record data breach to HHS stemming from a previously disclosed data breach at Perry Johnson & Associates, a medical transcription company. Continue Reading
-
News
24 Jan 2024
Mississippi Health System Suffers Ransomware Attack, 253K Individuals Impacted
Ransomware attacks, theft, and unauthorized access were the causes of several recent data breaches reported to HHS recently. Continue Reading
-
News
22 Jan 2024
Healthcare Data Breaches Continue to Impact Patients in New Year
Several healthcare data breaches have been reported to HHS so far in 2024, all of which occurred in 2023 or earlier. Continue Reading
-
News
09 Jan 2024
LockBit Ransomware Claims Capital Health Cyberattack
LockBit ransomware claimed responsibility for a November 2023 attack on Capital Health that resulted in system downtime. Continue Reading
-
News
08 Jan 2024
North Kansas City Hospital Impacted By PJ&A Data Breach
The PJ&A data breach was one of the largest healthcare data breaches reported to HHS last year, and notifications continue to roll in. Continue Reading
-
News
02 Jan 2024
Fallon Ambulance Service Data Breach Impacts 911K Individuals
The now-defunct ambulance service suffered a data breach when a threat actor accessed its data storage archive. Continue Reading
-
News
27 Dec 2023
Healthcare Software Company Notifies 2.7M Individuals of Data Breach
ESO Solutions suffered a ransomware attack in which an unauthorized third party encrypted some of its computer systems, resulting in a data breach. Continue Reading
-
Feature
26 Dec 2023
This Year’s Largest Healthcare Data Breaches
More than 540 organizations reported healthcare data breaches to HHS in 2023, impacting upwards of 112M individuals. Continue Reading
-
News
18 Dec 2023
Delta Dental of California MOVEit Hack Impacts 7M Individuals
Delta Dental of California notified nearly 7 million individuals that their information had been impacted by the MOVEit hack in May. Continue Reading
-
News
15 Dec 2023
Harrisburg Medical Center Data Breach Impacts 147K Individuals
Harrisburg Medical Center recently disclosed a year-old data breach in which a threat actor potentially gained access to sensitive documents. Continue Reading
-
News
11 Dec 2023
Kentucky Health System Confirms Ransomware Attack Impacting 2.5M Individuals
Norton Healthcare suffered a ransomware attack in May that began with a faxed communication from threat actors containing demands and threats. Continue Reading
-
News
05 Dec 2023
23andMe Data Breach Impacts 6.9M Users
An updated SEC filing shed additional light on the scope of the 23andMe data breach, in which threat actors used credential stuffing to gain access to user accounts. Continue Reading
-
News
29 Nov 2023
8.5M Records Impacted By Welltok Data Breach Stemming From MOVEit Hack
Healthcare software company Welltok notified health plans across the country about the MOVEit hack, which impacted 8.5 million individuals. Continue Reading
-
News
14 Nov 2023
Medical Transcription Service Data Breach Impacts Multiple Health Systems
Northwell Health and Cook County Health both notified patients of a third-party data breach that originated at Perry Johnson & Associates, a medical transcription vendor. Continue Reading
-
News
09 Nov 2023
Henry Schein Hit By BlackCat Ransomware Gang
BlackCat ransomware claimed responsibility for an October cyberattack on Henry Schein, a major distributor of healthcare products. Continue Reading
-
News
17 Oct 2023
RCM Company Reports Data Breach Tied to MOVEit Software, 1.9M Impacted
The revenue cycle management company reported a data breach that impacted more than 1.9 million individuals across more than 50 healthcare organizations. Continue Reading
-
News
25 Sep 2023
Nuance Communications Notifies 1.2M Individuals of Data Breach
Nuance Communications notified more than 1.2 million individuals of a breach stemming from the MOVEit vulnerability. Continue Reading
-
News
19 Sep 2023
Amerita Notifies Nearly 220K of PharMerica Data Breach
Other recently reported healthcare data breaches include a breach at PurFoods and one at MedMinder Systems. Continue Reading
-
News
05 Sep 2023
Synergy Healthcare Services Data Breach Impacts Multiple Healthcare Facilities
A handful of healthcare entities suffered a third-party data breach that originated at Synergy Healthcare Services, a management company that assists long-term care providers. Continue Reading
-
News
28 Aug 2023
Third-Party Data Breaches Continue to Dominate Breach Notifications
The MOVEit hack and other third-party data breaches continue to impact healthcare entities across the country, this week’s data breach roundup shows. Continue Reading
-
News
17 Aug 2023
MOVEit Breach Notifications Continue to Roll In, Impacting Health Data
This week’s healthcare data breach roundup contains a few newly reported breaches stemming from the MOVEit hack, as well as other recent data security incidents impacting health data. Continue Reading
-
News
15 Aug 2023
Health Data of Millions Impacted by MOVEit Exploit at IBM
The Colorado Department of Health Care Policy & Financing notified more than 4 million individuals of a breach that occurred when IBM suffered from a MOVEit Transfer hack. Continue Reading
-
News
09 Aug 2023
Vendor Data Breach Impacts 1.7M Oregon Health Plan Members
Other recent incidents reported recently include a major ransomware attack against Prospect Medical Holdings and a data breach at the Chattanooga Heart Institute. Continue Reading
-
News
03 Aug 2023
Several Healthcare Data Breaches Unfold From MOVEit Transfer Cyberattack
Allegheny County and other victims of the MOVEit Transfer cyberattacks are starting to reveal the impact the mass-exploited vulnerability has left. Continue Reading
-
News
31 Jul 2023
MOVEit Transfer Breach Impacts 612K Medicare Beneficiaries, CMS Says
The MOVEit Transfer vulnerability impacted Maximus Federal Services, a contractor of the Medicare program. Continue Reading
-
News
26 Jul 2023
Software Vulnerability Triggers Rite Aid Data Breach, 24K Impacted
Over 24,000 patients were affected by the Rite Aid data breach discovered in May due to exploited system vulnerabilities. Continue Reading
-
News
18 Jul 2023
MOVEit Transfer Cyberattack Impacts 1.2M at Pension Benefit Information
Pension Benefit Information, a research service that locates benefit plan participants and conducts death audits, suffered a data breach due to the recent series of MOVEit Transfer cyberattacks. Continue Reading
-
News
18 Jul 2023
Imagine360 Suffers Third-Party Data Breach, 112K Impacted
Imagine360 disclosed a third-party data breach to HHS involving its file-sharing platform, Citrix, resulting in exposed Social Security numbers and PHI. Continue Reading
-
News
11 Jul 2023
Law Firm Suffers Healthcare Data Breach Impacting 40K
The 40,823 individuals impacted by the breach at global law firm Orrick, Herrington & Sutcliffe had previously been impacted by a 2020 breach involving a vision benefits plan. Continue Reading
-
News
10 Jul 2023
HCA Healthcare Suffers Data Breach, 11M Patients Impacted
An unauthorized party stole a list of information used for email messages to patients and posted it on an online forum, HCA Healthcare stated in its data breach notice. Continue Reading
-
News
06 Jul 2023
Latest Reported Breaches Impact Small, Mid-Sized Healthcare Organizations
Community Research Foundation, ARx Patient Solutions, and the Williamsport Home reported healthcare data breaches recently. Continue Reading
-
News
05 Jul 2023
Murfreesboro Medical Clinic Confirms 559K-Record Breach
Along with Murfreesboro Medical Clinic & SurgiCenter, Mount Desert Island Hospital and Activate Healthcare reported recent healthcare data breaches to HHS. Continue Reading
-
Feature
26 Jun 2023
Biggest Healthcare Data Breaches Reported This Year, So Far
More than 39 million individuals have been impacted by healthcare data breaches reported in the first half of 2023 alone. Continue Reading
-
News
22 Jun 2023
Digital Health Company Suffers Breach, 103K Impacted
Kannact disclosed a breach to HHS that stemmed from unauthorized access to its network and impacted 103,547 individuals. Continue Reading
-
News
16 Jun 2023
Johns Hopkins Health System Suffers Cyberattack
Threat actors leveraged a vulnerability in a “widely used software tool” to launch a cyberattack on Johns Hopkins University and Johns Hopkins Health. Continue Reading
-
News
14 Jun 2023
Healthcare Business Associate Data Breach Impacts 320K
Onix Group suffered a ransomware attack in March that resulted in a healthcare data breach and impacted several affiliate organizations. Continue Reading
-
News
07 Jun 2023
Enzo Biochem Confirms Data Breach Impacting Nearly 2.5M Individuals
Molecular diagnostics company Enzo Biochem suffered a data breach that exposed clinical test information and Social Security numbers. Continue Reading
-
News
06 Jun 2023
Acuity Agrees to Lawsuit Settlement After 100K-Impacted Data Breach
Acuity has agreed to bolster cybersecurity and compensate up to $500 per victim to settle the lawsuit involving a healthcare data breach that exposed PHI. Continue Reading
-
News
31 May 2023
IL Hospital Suffers Cybersecurity Incident
Illinois-based Morris Hospital & Healthcare Centers is investigating a cybersecurity incident that occurred when the organization discovered unusual activity within its network. Continue Reading
-
News
31 May 2023
MCNA Notifies 8.9M Individuals of Healthcare Data Breach
An internal investigation revealed that the breach exposed the personal information of nearly 9M patients, marking the year's largest healthcare data breach so far. Continue Reading
-
News
26 May 2023
KY Health System Suffers Cyber Incident
Norton Healthcare is actively responding to a cyber incident that occurred on May 9 and began with a faxed communication from threat actors. Continue Reading
-
News
24 May 2023
2M Individuals Impacted by Healthcare Data Breach at Apria Healthcare
Social Security numbers and other personal health information of millions of patients were impacted in the multi-year, months-long healthcare data breach at Apria Healthcare. Continue Reading
-
News
22 May 2023
Data Breach at Debt Collection Agency Impacts Multiple Healthcare Providers
At least 13 healthcare organizations were impacted by a data breach that stemmed from a cyberattack on debt collection agency Credit Control Corporation. Continue Reading
-
News
15 May 2023
PharMerica Notifies 5.8M Individuals of Healthcare Data Breach
National pharmacy network PharMerica disclosed a healthcare data breach that potentially exposed the personal information of millions of individuals, including deceased patients. Continue Reading
-
News
15 May 2023
Utah Health System Suffers Healthcare Data Breach, 103K Impacted
More than 103,000 individuals were impacted by a November 2022 healthcare data breach at Uintah Basin Healthcare. Continue Reading
-
News
11 May 2023
New Mexico Department of Health Data Breach Exposes Decedent Health Information
A spreadsheet containing protected health information pertaining to deaths in New Mexico was sent to a journalist, the New Mexico Department of Health stated. Continue Reading
-
News
10 May 2023
Healthcare Data Breach At Kansas Hospital Impacts 19K
McPherson Hospital suffered a ransomware attack in July 2022 that potentially exposed patient protected health information. Continue Reading
-
News
05 May 2023
TN Medical Clinic Remains Partially Closed As It Recovers From Cyberattack
Murfreesboro Medical Clinic & SurgiCenter suffered a sophisticated cyberattack in late April and immediately initiated an emergency shut down of its network. Continue Reading
-
News
01 May 2023
Latest Reported Data Breaches Impact Variety of Healthcare Orgs
The latest data breaches reported to HHS and state attorneys general offices impacted a variety of healthcare organizations across the country. Continue Reading
-
News
28 Apr 2023
CA Health Plan Reports Data Breach Tied to Fortra GoAnywhere Hack
Santa Clara Family Health Plan is the latest healthcare organization to report a data breach stemming from the exploitation of a vulnerability in Fortra’s GoAnywhere managed file transfer solution. Continue Reading
-
News
24 Apr 2023
Excel File Exposed to Internet at CA Health System
A San Francisco-based health system notified patients of a security incident that occurred when an Excel file containing protected health information was accidentally exposed to the internet. Continue Reading
-
News
21 Apr 2023
DC Health Link Points to Human Error as Cause of Data Leak
The executive director of the DC Health Benefit Exchange Authority provided additional information about the DC Health Link Breach during a House Oversight Committee hearing. Continue Reading
-
News
20 Apr 2023
Parent of 2 Major Massachusetts Health Insurers Suffers Ransomware Attack
Point32Health, the parent company of Harvard Pilgrim Health Care and Tufts Health Plan, suffered a ransomware attack on April 17. Continue Reading
-
News
17 Apr 2023
Alcohol Recovery Startup Suffers Healthcare Data Breach, 108K Impacted
Alcohol recovery startup Monument disclosed a healthcare data breach tied to its use of tracking pixels. Continue Reading
-
News
13 Apr 2023
Iowa Medicaid Suffers Third-Party Data Breach, 20K Impacted
The Iowa Department of Health and Human Services announced that it was impacted by a third-party data breach that originated at Independent Living Systems. Continue Reading
-
News
11 Apr 2023
HHS Emphasizes EHR Cybersecurity Risks to Healthcare Sector
HHS's recent threat brief highlighted the ongoing risks to patient health data stored in EHRs and proposed strategies to mitigate EHR cybersecurity risks. Continue Reading
-
News
07 Apr 2023
Tallahassee Memorial Provides Healthcare Data Breach Notice
Following a February 2023 healthcare data breach that caused Tallahassee Memorial HealthCare to divert EMS patients and take its IT systems offline, the health system reported the breach to HHS. Continue Reading
-
News
04 Apr 2023
Tracking Pixel Use Results in Data Breach at NY Hospital, 54K Impacted
The use of tracking and analytics tools on NewYork-Presbyterian Hospital’s public-facing website may have resulted in the exposure of patient information. Continue Reading
-
News
03 Apr 2023
Vendor Data Breach Impacts At Least 9 Healthcare Organizations
Multiple healthcare organizations have reported breaches tied to Adelanto HealthCare Ventures, a consulting company that suffered a phishing attack in 2021. Continue Reading
-
News
31 Mar 2023
Maryland Hospital Reveals 30K Individuals Impacted by Ransomware Attack
Atlantic General Hospital disclosed that a January ransomware attack tied to reported IT outages also potentially impacted the PHI of over 30,000 patients. Continue Reading
-
News
30 Mar 2023
Fortra GoAnywhere MFT Vulnerability Impacts Blue Shield of CA
Blue Shield of California reported a third-party data breach stemming from its provider, Brightline Medical Associates, which involved the Fortra GoAnywhere MFT vulnerability. Continue Reading
-
News
23 Mar 2023
82K Kroger Customers Impacted By Healthcare Data Breach
An “internal error” led to the exposure of patient names and email addresses tied to Kroger’s mail-order pharmacy service. Continue Reading
-
News
22 Mar 2023
UC San Diego Health Discloses Healthcare Data Breach Stemming From Vendor Pixel Use
UC San Diego Health disclosed a healthcare data breach tied to a technology vendor, Solv Health, which used analytics tools without the health system’s authorization. Continue Reading
-
News
21 Mar 2023
MA Pharmacy Falls Victim to Email Phishing Attack, Results in PHI Exposure
Nearly 6,000 individuals potentially had their PHI exposed due to an email phishing attack that led to unauthorized access to specific email accounts of several AllCare Plus Pharmacy employees. Continue Reading
-
News
16 Mar 2023
4.2M Individuals Impacted by Healthcare Data Breach at Independent Living Systems
The healthcare data breach at Miami-based Independent Living Systems is the largest reported breach of the year so far. Continue Reading
-
News
13 Mar 2023
1M Individuals Impacted By Healthcare Data Breach at Medical Device Company
ZOLL Medical Corporation recently notified more than one million individuals of a healthcare data breach that occurred in January. Continue Reading
-
News
13 Mar 2023
Oregon Health System Uncovers 9-Year HIPAA Violation by Physician
The health system notified nearly 8,800 patients of a HIPAA violation resulting from a physician’s unauthorized access and EHR Snooping, which led to the exposure of PHI. Continue Reading
-
News
07 Mar 2023
Hawaii Skilled Nursing Facility Notifies 20K of Healthcare Data Breach
The latest string of healthcare data breach notifications includes breaches at Aloha Nursing Rehab Centre, Texas Orthopaedics & Sports Medicine, and Compass Behavioral Health. Continue Reading
-
News
02 Mar 2023
4 Organizations Report Recent Healthcare Data Breaches
A substance abuse treatment facility in Washington, a community healthcare system in Virginia, a health plan in New Jersey, and a health clinic in Kansas all recently notified patients of healthcare data breaches. Continue Reading
-
News
24 Feb 2023
Revenue Cycle Management Company Reports Healthcare Data Breach Impacting 250K
Several vendors reported healthcare data breaches recently, including revenue cycle management company Reventics and mobile pharmacy solutions provider mscripts. Continue Reading
-
News
23 Feb 2023
Lehigh Valley Health Network Hit By BlackCat Ransomware Attack
BlackCat has been known to target healthcare organizations with highly sophisticated ransomware attacks. Continue Reading
-
News
23 Feb 2023
Tallahassee Memorial HealthCare Brings Systems Back Online Following IT Security Incident
Tallahassee Memorial HealthCare has returned to standard operations and has fully restored its computer systems following an IT security incident. Continue Reading
-
News
22 Feb 2023
DNA Diagnostics Center Reaches $400K Settlement After Healthcare Data Breach
A 2021 healthcare data breach that exposed the social security numbers of 12,663 Pennsylvania-based patients led DNA Diagnostics Center into a settlement with the Pennsylvania Acting AG. Continue Reading