Learning From the Latest Healthcare Data Breach Reports
Earlier this month, we discussed the main components that make healthcare so vulnerable to data breaches and ransomware attacks. From aging equipment to expanded attack surfaces and plentiful data, healthcare is a prime target for hackers looking to gain access to personal and financial data that could prove fruitful. Today, we are taking a closer look at some of the most recent healthcare data breaches to determine what we can learn to fortify our safeguards and security systems.
The Good News
We don’t want to be all doom and gloom, so let’s start with some of the good news. According to HIPAA Journal, “the number of reported healthcare data breaches has fallen for the fourth successive month.” In March 2022, 43 healthcare data breaches of 500 or more records were reported to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR), which is a 6.52% fall from February and well below the 12-month average of 57.75 data breaches a month.
Unfortunately, while the number of breaches has been declining over the last year, the number of records breached during each event has actually risen. “Across the 43 reported breaches, 3,083,988 healthcare records were exposed, stolen, or impermissibly disclosed, which is slightly below the average of 3,424,818 breached records a month over the past 12 months.” (HIPAA Journal)
Examples of Top Breaches in 2022
Taking a look across the nation can quickly give us examples of breaches within the healthcare industry that are good reminders about training employees on safeguarding email credentials as well as not clicking on unknown links or attachments.
Christie Clinic in Illinois reported an email account breach that impacted hundreds of thousands of individuals. The root cause of the event was an unauthorized individual accessing an employee’s email between July 14, 2021, and August 19, 2021. It is believed that the hacker was trying to divert payment to a third-party vendor. The incident was confirmed through forensic investigations in January 2022.
SuperCare Health
SuperCare Health also reported a major breach that impacted hundreds of thousands of individuals. Protected Healthcare Information was stolen and patient data was accessed. Consequently, just two weeks after the discovery of this issue in July 2021, the first of several lawsuits was filed. The lesson here is that even though the incident is still under investigation, the company will face reputational and financial ramifications for years to come due to this incident.
CSI Labs suffered a ransomware attack in February of this year (2022). The Conti ransomware gang claimed responsibility for the attack and published a sample of the stolen data on its data leak site to pressure the lab into paying the ransom. Upon learning of the incident, CSI immediately took steps to isolate and secure its systems and investigate the incident. According to BusinessWire online, “CSI has engaged a well-known forensic investigation firm to identify the scope of the incident and assist with securing its systems and data. CSI has carefully brought its systems back online and continues to closely monitor its network and information systems for unusual activity.”
How secure is your healthcare data? Are you practicing backups and disaster recovery protocols? Talk to our team to address your healthcare security vulnerabilities.