Healthcare data breaches

Healthcare data breaches can result from hacking, data theft, loss or unauthorized access. Whatever the cause, these breaches can potentially jeopardize patient privacy by exposing protected health information. Understanding the latest data breach patterns can help healthcare organizations mitigate risk.

Top Stories

News 10 Jul 2024
Change Healthcare publishes data breach notice

Change Healthcare has begun mailing data breach notification letters to affected individuals. Continue Reading
News 09 Jul 2024
HSA administrator discloses healthcare data breach

In an SEC filing, HealthEquity disclosed a healthcare data breach that stemmed from unauthorized access to a business partner’s user account. Continue Reading

News 15 Mar 2022

Labette Health, Capital Region Medical Center Confirm Data Breaches

Labette Health and Capital Region Medical Center disclosed data breaches that resulted in potential PHI exposure. Continue Reading
News 14 Mar 2022

Over 611K Impacted in Most Recent String of Healthcare Data Breaches

Healthcare data breaches continue to increase in severity—a cyberattack at Norwood Clinic impacted 228K individuals and a Denver cardiology practice breach hit 287K. Continue Reading
News 14 Mar 2022

Logan Health Faces Lawsuit in Wake of Hacking Incident

Montana-based Logan Health Medical Center suffered a hacking incident in November that impacted over 213,000 individuals and exposed protected health information. Continue Reading
News 09 Mar 2022

CO Hospital Suffers Email Data Breach, 52K Impacted

Montrose Regional Health in Colorado discovered an email data breach that impacted over 52,000 individuals. Healthcare data breaches continue to overwhelm the sector. Continue Reading
News 07 Mar 2022

Duncan Regional Hospital Data Breach Impacts 92K

Duncan Regional Hospital, Crossroads Health, and others disclosed separate healthcare data breaches that collectively impacted hundreds of thousands of individuals. Continue Reading
News 03 Mar 2022

Monongalia Health Suffers Second Healthcare Data Breach

A few months after Monongalia Health suffered a phishing attack, the West Virginia-based health system began notifying victims of another healthcare data breach. Continue Reading
News 28 Feb 2022

Houston Health Department Suffers Healthcare Data Breach

The Houston Health Department, EPIC Pharmacy Network, and Alliance Physical Therapy Group began notifying patients of healthcare data breaches recently. Continue Reading
News 25 Feb 2022

Montana Medical Center Faces Hacking Incident Impacting 214K

Logan Health Medical Center suffered a hacking incident that impacted nearly 214K individuals as hacking incidents increase across the healthcare sector. Continue Reading
News 23 Feb 2022

Jackson Hospital Suffers Patient Data Exfiltration Incident

Recent data breaches included data exfiltration at Florida-based Jackson Hospital and improper PHI access by an employee at Michigan Medicine. Continue Reading
News 22 Feb 2022

Sea Mar Community Health Centers Faces Lawsuit Over Data Breach

Sea Mar Community Health Centers in Seattle is now facing a lawsuit after a 2021 data breach that impacted 688,000 individuals. Continue Reading
News 17 Feb 2022

Malware, Employee Email Breaches Result in PHI Exposure

Employee email breaches, malware, and unauthorized access continue to cause PHI exposure at small healthcare organizations across the country. Continue Reading
News 16 Feb 2022

Illinois Hospital, FQHC Suffer Healthcare Data Breaches, PHI Exposure

South Shore Hospital in Chicago and Family Christian Health Center in Harvey, IL are both rebounding from healthcare data breaches. Continue Reading
News 09 Feb 2022

Lengthy Healthcare Cyberattack Recovery Disrupts MD Department of Health

The Maryland Department of Health just entered month three of the healthcare cyberattack recovery process as data breaches continue to torment healthcare organizations. Continue Reading
News 04 Feb 2022

Third-Party Data Breaches, Unauthorized Email Access Cause PHI Exposure

A Massachusetts billing company data breach impacted some Beth Israel clients, and the CO Department of Human Services fell victim to a third-party data breach. Continue Reading
News 03 Feb 2022

KY Hospital Systems Still Down 1 Week After Cybersecurity Incident

Taylor Regional Hospital in Kentucky is still experiencing phone line outages and delays more than a week after a cybersecurity incident took its systems offline. Continue Reading
News 27 Jan 2022

KY Hospital Systems Down During Cybersecurity Incident Investigation

Hospital systems and phone lines are down at a Kentucky hospital, and a server misconfiguration resulted in potential PHI exposure in a California county. Continue Reading
News 24 Jan 2022

Outpatient Facilities Continue To Be Targeted In Healthcare Cyberattacks

Some cybercriminals shifted their targets to outpatient facilities and business associates rather than big health systems. Continue Reading
News 19 Jan 2022

Healthcare Cyberattacks, Vendor Mishaps Result in PHI Exposure

Third-party vendor errors and healthcare cyberattacks continue to jeopardize patient privacy and cause PHI exposure. Continue Reading
News 18 Jan 2022

Family Medicine Practice Notifies Patients of Data Breach 1 Year Later

Netgain said it discovered the data breach in late 2020, but a Minnesota family medicine practice notified its patients in January 2022. Continue Reading
News 13 Jan 2022

MD Department of Health Systems Down 1 Month After Ransomware Attack

One month later, the Maryland Department of Health is still in the process of recovering from a debilitating cyberattack. Continue Reading
News 10 Jan 2022

Data Breaches Hit Saltzer Health, Loyola University Medical Center

The sector continues to be a prime target for healthcare data breaches that lead to network outages, data exfiltration, and PHI exposure. Continue Reading
News 06 Jan 2022

Business Associate Data Breach Impacts 32 Healthcare Organizations

More than 30 healthcare organizations were impacted by a business associate data breach targeted at technology vendor Ciox Health. Continue Reading
News 06 Jan 2022

Healthcare Data Breaches Continue as New Year Begins

Healthcare data breaches are continuing to cause turmoil for patients, providers, and the industry as a whole this year. Continue Reading
News 04 Jan 2022

Billing Error Causes PHI Breach at Illinois Health System

The PHI breach occurred when the information of 1,729 Advocate Aurora Health patients was mailed to the wrong location following a billing error. Continue Reading
News 04 Jan 2022

PHI Breach, Data Exfiltration at Broward Health Impacts 1.3 Million

A PHI breach at Florida-based Broward Health impacted over 1.3 million patients and employees and resulted in data exfiltration. Continue Reading
News 03 Jan 2022

Accounting Firm Faces Lawsuit Over Healthcare Data Breach

Accounting firm Bansley and Kiener is facing a class-action lawsuit after a healthcare data breach that exposed personally identifiable information. Continue Reading
News 23 Dec 2021

West Virginia-Based Monongalia Health System Suffers Phishing Attack

Monongalia Health System began notifying patients of a phishing attack that occurred in October and may have exposed employee and patient PII and PHI. Continue Reading
News 21 Dec 2021

Network Outages, Healthcare Cyberattacks Ramp Up as Holidays Approach

A healthcare cyberattack resulted in PHI exposure Texas ENT Specialists, and Missouri-based Capital Region Medical Center’s systems remain down after a network outage. Continue Reading
News 16 Dec 2021

Kronos Cyberattack Takes Down Healthcare Workforce Management Services

HR management solutions provider Kronos was the target of a recent cyberattack that is now impacting healthcare workforce management and payroll services. Continue Reading
News 08 Dec 2021

Two Data Breaches at WA Senior Care Nonprofit Impact 103K

Washington-based senior care nonprofit Sound Generations experienced two data breaches that impacted over 103K individuals and potentially exposed PII. Continue Reading
News 06 Dec 2021

Cyberattack Pushes Maryland Department of Health Website Offline

A cyberattack forced the Maryland Department of Health website offline, preventing residents from accessing the site’s healthcare resources. Continue Reading
News 02 Dec 2021

Mid-Size Orgs Continue to Be Targeted in Healthcare Cyberattacks

Small to mid-size organizations and outpatient facilities continue to be targets for healthcare cyberattacks that often lead to PHI exposure. Continue Reading
News 01 Dec 2021

Unprotected Database Exposes 170K Healthcare Staffing Records

Researchers discovered an unprotected database that contained 170K healthcare staffing records, potentially exposing passwords, Social Security numbers, and photos. Continue Reading
News 30 Nov 2021

Former NY Hospital Employee Charged with HIPAA Violation

A former employee at Huntington Hospital in New York was charged with a HIPAA violation for accessing the PHI of 13,000 patients. Continue Reading
News 24 Nov 2021

Millions of Patients Receive Healthcare Data Breach Notifications

Utah Imaging Associates began notifying nearly 600K of a healthcare data breach, and Eskenazi Health began notifying over 1.5 million individuals. Continue Reading
News 17 Nov 2021

Ohio Hospital Faces Sixth Day of EHR Downtime After Cyberattack

In other data breach news, new postings on OCR’s data breach portal shows some of the largest healthcare cyberattacks of the year. Continue Reading
News 15 Nov 2021

EHR Downtime Persists in Wake of Ohio Medical Center Cyberattack

Southern Ohio Medical Center is currently facing EHR downtime and appointment cancelations as it recovers from a cyberattack that previously led to ambulance diversions. Continue Reading
News 10 Nov 2021

Hackers Hit Healthcare, Other Sectors With Cyber Espionage Attacks

Unidentified hackers breached nine organizations in a range of industries including healthcare in an orchestrated cyber espionage attack. Continue Reading
News 09 Nov 2021

320K Impacted in EHR Vendor Breach, Ransomware Hits Health Systems

An EHR vendor breach exposed the PHI of 320K, while unauthorized email access and ransomware disrupted the operations of other health systems. Continue Reading
News 04 Nov 2021

Compromised Medical Records, Ransomware Attacks Trouble Healthcare

One California health center’s communication system remains down three weeks after a cyberattack while ransomware and PHI exposure continue to impact healthcare. Continue Reading
News 03 Nov 2021

Healthcare Cyberattacks Target 2 TX Hospitals, Expose PHI

Lavaca Medical Center and Throckmorton County Memorial Hospital both suffered cyberattacks that led to PHI exposure. Continue Reading
News 02 Nov 2021

Health App Security Bug Exposed COVID-19 Vaccine Records

COVID-19 vaccine records from residents of New Jersey and Utah were exposed due to a security bug in the health app Docket. Continue Reading
News 28 Oct 2021

Recent Health Data Breaches Cause EHR Downtime, Deploy Malware

Health data breaches caused by malware and improper data use by employees continue to impact patient care and cause EHR downtime, according to some recent cases. Continue Reading
News 27 Oct 2021

Third-Party Vendor Ransomware Attack Impacts Humana, Anthem Members

PracticeMax, a billing and IT solutions provider, experienced a ransomware attack that impacted some Humana and Anthem members. Continue Reading
News 26 Oct 2021

MI Man Sentenced to 7 Years in Prison for UPMC PII Breach

Justin Johnson hacked UPMC’s HR database and stole the PII of more than 65,000 employees; he later sold the information on the dark web. Continue Reading
News 21 Oct 2021

Spoofing, Phishing, Ransomware Continue to Overwhelm Health Systems

One hospital is being inundated with reports of spoofed phone calls, as others deal with unauthorized email access, phishing, and ransomware. Continue Reading
News 14 Oct 2021

Malware, Unauthorized Access Lead to Healthcare PHI Breaches

Unauthorized access and malware lead to healthcare PHI breaches and network outages for clinics across the country grappling with growing cyber threats. Continue Reading
News 07 Oct 2021

3 Indiana Clinics Suffer Healthcare Data Breaches

Other recent breaches include a health plan data breach at a trucking company, a PHI breach at a MN medical center, and a phishing attack on a TX epilepsy foundation. Continue Reading
News 05 Oct 2021

Healthcare Cyberattack Leaves a System’s Network Down in IN

Johnson Memorial Health’s computer network remains disabled, and the health system is working with the FBI to investigate the healthcare cyberattack. Continue Reading
News 30 Sep 2021

Bad Actors Target Small Clinics With Healthcare Ransomware Attacks

Cybercriminals continue to target small healthcare facilities with ransomware attacks, causing EHR downtime and care disruptions. Continue Reading
News 30 Sep 2021

UC San Diego Health Sued Over Healthcare Data Breach

The lawsuit alleges that UC San Diego Health did not notify healthcare data breach victims in a timely manner and failed to implement preventive cybersecurity measures. Continue Reading
News 23 Sep 2021

Alaska Health Department Notifies Residents of Cyberattack

The Alaska Department of Health and Social Services began notifying the public about a cyberattack that impacted an unknown number of Alaskans. Continue Reading
News 23 Sep 2021

Hive Ransomware Continues to Attack Healthcare Providers

Healthcare data breaches continue as Hive ransomware and other major hacking groups ramp up. Meanwhile, other recent breaches involved unauthorized access to PHI and other information. Continue Reading
News 21 Sep 2021

Improper Hard Drive Disposal Leads to Health Data Breach for 100K

Over 100K patients at HealthReach Community Health Centers in Maine may have had their personal data leaked due to improper disposal of the health center’s hard drives. Continue Reading
News 20 Sep 2021

St. Joseph’s/Candler Faces Lawsuits in Wake of Ransomware Attack

The class action lawsuits allege that the Georgia health system ignored ransomware warnings by federal agencies and failed to create a data recovery plan. Continue Reading
News 15 Sep 2021

Walgreens’ COVID-19 Testing Registration System Exposes PII

Millions were potentially impacted by vulnerabilities on Walgreens’ COVID-19 testing registration system that gave anyone on the internet easy access to patient PII. Continue Reading
News 14 Sep 2021

Houston Provider Delayed Notice of Ransomware Attack for Months

The data breach at Gastroenterology Consultants occurred in January, but patients only began receiving letters about the ransomware attack in early August. Continue Reading
News 10 Sep 2021

AZ Ransomware Attack Leads to Unrecoverable EHRs, Data Loss

An Arizona medical center will have to rebuild thousands of patient records after a ransomware attack resulted in corrupted EHRs and data loss. Continue Reading
News 09 Sep 2021

Business Associate Ransomware Attack Impacts 115K in CA

California-based LifeLong Medical Care notified over 115,000 individuals of a third-party business associate ransomware attack that may have exposed PHI. Continue Reading
News 08 Sep 2021

DuPage Medical Group Faces Lawsuit After Cyberattack Impacts 600K

Less than a week after DuPage Medical Group notified over 600,000 patients of a cyberattack that exposed PHI, two patients filed a lawsuit seeking damages. Continue Reading
News 08 Sep 2021

MA Hospital Faces Class Action Suit After Paying Ransomware Attackers

Sturdy Memorial Hospital in Attleboro, Massachusetts is facing a class action lawsuit after paying ransomware attackers for stolen data. Continue Reading
News 07 Sep 2021

Healthcare Ransomware Attack in CA Involves PHI of 57K

San Andreas Regional Center in California experienced a healthcare ransomware attack that may have exposed the PHI of over 57,000 individuals. Continue Reading
News 03 Sep 2021

Beaumont Health Latest Victim of Accellion Data Breach

Nearly nine months after the Accellion data breach, Beaumont Health in Michigan joined a list of over 11 healthcare organizations impacted by the cyberattack. Continue Reading
News 02 Sep 2021

Microsoft Vulnerability Leaks COVID-19 Vaccination Records in TX County

A Microsoft vulnerability discovered by an independent cybersecurity firm resulted in hundreds of thousands of vaccination records being leaked in Denton County, TX. Continue Reading
News 02 Sep 2021

98K Patients, Employees Impacted by Oklahoma Provider Data Breach

Oklahoma-based provider CareATC suffered a provider data breach that impacted over 98,000 individuals when an unauthorized third party gained access to employee email accounts. Continue Reading
News 01 Sep 2021

Protected Health Information Exposed in Large Cyberattack in IL

DuPage Medical Group began notifying 600K patients that their protected health information may have been compromised in a cyberattack that resulted in network and phone outages. Continue Reading
News 31 Aug 2021

IL Provider Faces Healthcare Data Breach, 171K Patients Exposed

Illinois-based Metro Infectious Disease Consultants alerted 171K patients that their data may have been exposed during a healthcare data breach. Continue Reading
News 27 Aug 2021

CA Attorney General Calls Out Unreported Healthcare Data Breaches

After multiple ransomware attacks went unreported, California’s attorney general issued a bulletin to providers reminding them to report healthcare data breaches. Continue Reading
News 26 Aug 2021

Healthcare Ransomware Attack Leads to EHR Downtime in IN

A healthcare ransomware attack in Indiana resulted in EHR downtime and potential exposure of patient and employee PII after bad actors released data online. Continue Reading
News 26 Aug 2021

Healthcare Ransomware Attack at Indiana ENT Office Impacts 45K

Indiana-based CarePointe ENT suffered a healthcare ransomware attack that may have exposed the PII and PHI of over 48,000 individuals. Continue Reading
News 25 Aug 2021

GA Provider Sends Notice of Healthcare Data Breach to 9,800 Patients

The PHI was removed from Atlanta Allergy & Asthma’s network in January during a healthcare data breach. Continue Reading
News 25 Aug 2021

Healthcare Phishing Scam Exposes PHI for 12K Patients in UT

Utah-based Revere Health fell victim to a healthcare phishing scam that exposed PHI for 12K patients in a 45-minute time period. Continue Reading
News 24 Aug 2021

Microsoft Data Breach Exposes 38M Records Containing PII

A Microsoft Power Apps data breach exposed 38M records across 47 organizations containing PII, including some governmental public health agencies. Continue Reading
News 20 Aug 2021

St. Joseph’s/Candler Back Online After Ransomware Attack

St. Joseph’s/Candler is back online after falling victim to a ransomware attack that forced the health system into EHR downtime and exposed protected health information. Continue Reading
News 19 Aug 2021

More Than 600K Patients Impacted by UNM Health Data Breach

UNM Health discovered a data breach that impacted over 600,000 patients, possibly exposing personally identifiable information. Continue Reading
News 17 Aug 2021

Electromed Data Breach Impacting Customers', Staffers’ PHI

A cyberattack on a Minnesota company caused a data breach of PHI. Continue Reading
News 13 Aug 2021

Catholic Health Impacted by CaptureRx Data Breach, Patients’ PHI Exposed

The CaptureRx data breach is now impacting Catholic Health patients' PHI. Continue Reading
News 23 Jul 2021

Elekta Data Breach Impacting Over 64K McLaren Patients’ PHI

Michigan's McLaren Health Care Corporation's patients are impacted by the recent Elekta data breach. Continue Reading
News 06 Jul 2021

Northwestern Memorial HealthCare Latest Victim of Elekta’s PHI Data Breach

The Chicago-based healthcare system’s oncology patients’ PHI was exposed in the April 2021 data breach. Continue Reading
News 05 Jul 2021

Healthcare Ransomware Attack Targets Practice Management Vendor

Practice management vendor Practicefirst announced a 2020 healthcare ransomware attack that may have exposed patient and employee PII. Continue Reading
News 01 Jul 2021

Hospital Ransomware Attack in Las Vegas Exposes PII

University Medical Center of Southern Nevada fell victim to a hospital ransomware attack claimed by hacker group REvil that exposed PII. Continue Reading
News 28 Jun 2021

Renown Health Falls Victim to Elekta Data Breach, PHI Exposed

Nevada-based Renown Health is the latest to announce that its patients’ PHI was accessed through an Elekta data breach that impacted over 40 other organizations. Continue Reading
News 28 Jun 2021

UofL Health Data Breach Occurs After PHI Sent to Wrong Email

UofL Health in Kentucky notified over 40,000 patients of a health data breach after it emailed protected health information to the wrong email address. Continue Reading
News 25 Jun 2021

Hoya Optical Labs Notifies Consumers of Healthcare Ransomware Attack

Hoya Optical Labs sent notices to customers alerting them of a healthcare ransomware attack in April that exposed personally identifiable information. Continue Reading
News 24 Jun 2021

OSU Data Breach Impacts Veterans, More Ransomware Attacks

Other recent healthcare data breaches include a ransomware attack in Mississippi and a breach at an Iowa eye clinic. Continue Reading
News 24 Jun 2021

UVM Health Continues to Feel Effects of Ransomware Attack

Eight months after a ransomware attack that incurred costs upwards of $63 million, UVM Health continues to experience setbacks and financial losses. Continue Reading
News 23 Jun 2021

Scripps Health Ransomware Attack Leads to Class-Action Lawsuits

Scripps Health is facing two class-action lawsuits in light of a recent ransomware attack that plaintiffs say was preventable. Continue Reading
News 22 Jun 2021

Ohio Medicaid Reports Provider Data Leak, Other Health Data Breaches

Recent health data breaches led to PII exposure for Ohio Medicaid providers, Catholic Health patients, and a Georgia fertility clinic’s patients. Continue Reading
News 22 Jun 2021

Insight Global Calls on Former Employees to Secure PII Data Breach

Fired PA contractor Insight Global asked former employees to secure documents from its contact tracing program months after its PII data breach was supposedly secured. Continue Reading
News 21 Jun 2021

St. Joseph’s/Candler Suffers Ransomware Attack, EHR Downtime

Computers are still down after St. Joseph’s/Candler in Savannah, Georgia experienced a ransomware attack on June 17th, causing EHR downtime. Continue Reading
News 21 Jun 2021

CVS Health Faces Data Breach,1B Search Records Exposed

Over 1 billion search records were accidentally posted online in a CVS Health data breach in late March, as reported by an independent cybersecurity researcher. Continue Reading
News 21 Jun 2021

UF Health Cyberattack Now Affecting Patient Care

A May 31st cyberattack on UF Health led to EHR downtime, but employees are now reporting additional negative impacts on patient care. Continue Reading
News 16 Jun 2021

CaptureRx Data Breach Hits MetroHealth System, 16 Others

A CaptureRx data breach impacted MetroHealth System and 16 other healthcare organizations with ransomware that exposed the health data of over a million patients. Continue Reading
News 15 Jun 2021

Elekta Data Breach Leaks Patient Info at Oklahoma Cancer Center

Cancer Centers of Southwest Oklahoma revealed that patient information may have been exposed through an Elekta data breach of over 40 healthcare sites in April. Continue Reading
News 11 Jun 2021

Phishing Attack on Five Rivers Health Impacts Data of 156K Patients

Five Rivers Health Centers found a phishing attack led to a two-month long system hack last year; a systems hack, more phishing, and a vendor incident complete this week’s breach roundup. Continue Reading
News 07 Jun 2021

Cyberattack Drives 2 UF Health Hospitals to EHR Downtime

Reports show UF Health in Central Florida leadership is looking into a cyberattack against two of its hospitals, while operating under EHR downtime procedures. Continue Reading
News 03 Jun 2021

Data of 3.3M 20/20 Hearing Care Patients Hacked From Cloud Database

The 20/20 Hearing Care Network found an actor hacked into its AWS cloud database and deleted patient data; ransomware, a system hack, yet another Netgain breach victim, and a data security incident, complete this week’s breach roundup. Continue Reading
News 26 May 2021

207K Rehoboth McKinley Patients Tied to Conti Ransomware, Data Leak

Rehoboth McKinley Christian Health notifies patients, after Conti ransomware actors leaked their data two months ago; CaptureRx breach, data leak, a programming error, an email hack, and Netgain victims, complete this week’s breach roundup. Continue Reading
News 24 May 2021

Cyberattack Updates: Alaska Health Dept, Scripps' Recovery, Ireland HSE

As ransomware continues to disrupt the healthcare sector on a global level, a number of providers are facing ongoing outages, while a vendor is creating a decryptor for Ireland HSE. Continue Reading
News 18 May 2021

Allergy Partners: Data Stolen During Ransomware Attack, EHR Outage

After a ransomware attack and EHR outage in February, Allergy Partners found the actors exfiltrated data; more data theft, a server misconfiguration, and PACS exposure complete this week’s breach roundup. Continue Reading

1
2
3
4

xtelligent Health IT and EHR

Over 60% of hospitals plan to participate in TEFCA
While awareness of TEFCA is rising nationwide, gaps exist across smaller, critical access and independent hospitals, according to...
ONC releases USCDI Version 5 to drive interoperability
United States Core Data for Interoperability Version 5 (USCDI v5) introduces new data classes and data elements to enhance health...
Advocating for SDOH data standards to support health equity
Healthcare stakeholders have successfully advocated for updated race and ethnicity data standards, but more work is needed to ...

xtelligent Healthtech Analytics

Machine learning flags nAMD drug-related eye inflammation
A machine learning tool could bolster early detection of vision-threatening inflammation associated with drugs used to treat ...
Reassessing the use of race in clinical algorithms
Race is often included as a biological construct in clinical guidance, but experts assert that its use must be reexamined to ...
NIH grant to fund depression chatbot for Black patients
Learn how an existing AI chatbot for antidepressant recommendation will be validated for use in Black patients with funding from ...

Close