Top Five Data Breaches of 2018 in the Healthcare Sector

Over the last year, several data breaches and massive cyber attacks rocked the healthcare sector. The sector witnessed some of the its biggest breaches in 2018. Threat actors and hacker groups continued to target the healthcare sector leading to some massive malware attacks.

In this blog, we will be highlighting the top five data breaches of 2018 in the healthcare industry globally, in order to be aware about and gain valuable insights from the massive attacks.

#1 - Atrium Health suffered a data breach impacting over 2.65 million patients

Charlotte-based Atrium Health was hit by a data breach that affected over 2 million patients. The biggest breach of 2018 in the healthcare sector occurred after an attacker gained access to a database, provided by a third-party vendor, AccuDoc Solutions Inc. The vendor ’s database was used by Atrium Health to store data and for billing services.

The information compromised in the breach includes patients’ names, addresses, dates of birth, invoice numbers, account balances, dates of service, insurance policy information, and Social Security numbers. However, no medical records and financial information were affected by the breach.

#2 - Health care information of 2 million Mexican residents leaked

A MongoDB database which contained health care information for 2 million patients in Mexico was exposed online. The exposed database could be accessed and edited by anyone without a password. After analyzing the database, researchers spotted a field that contained the administrator's email addresses. Those emails had the domains of hovahealth.com and efimed.care.

Compromised information included details of patients’ such as the full names, genders, dates of birth, home addresses, insurance information, and disability status.

#3 - Attackers hit Singapore health database stealing details of over 1.5 million, including Prime Minister

About 1.5 million patients who visited clinics between May 2015 and July 4, 2018, had their non-medical personal information illegally accessed. The attackers specifically targeted Prime Minister Lee Hsien Loong’s private data and information on his outpatient dispensed medicines. Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) confirmed that this was a deliberate, targeted and well-planned cyberattack.

#4 - Hackers hit Unity Point Health stealing healthcare data of over 1.4 million patients

Unity Point Health fell victim to a phishing email attack which resulted in attackers stealing healthcare data of over 1.4 million patients. The healthcare group said a series of phishing emails that appeared to come from trusted executives of the institution was used to trick the employees into revealing their login credentials. This made the attackers gain access to the firm's business email system as well as patients’ accounts between March 14 and April 3.

The information compromised in the hack included patients’ personal and sensitive information such as dates of birth, addresses, medical information, date of service, and insurance information. However, no electronic health records were affected by the attack.

#5 - LifeBridge Health hit by a data breach compromising health data of 500,000 patients

Baltimore-based LifeBridge Health and LifeBridge Potomac Professionals were hit by a massive cyberattack exposing the private data of almost 500,000 patients for more than a year. The health care system was infected with malware that infected its EMR server, patient registration, and billing systems.

The information compromised in the breach included demographic information, dates of birth, medical history, insurance data, clinical and treatment information, and Social Security Numbers.

Insights

As a general trend, the number of cyber attacks on the healthcare sector have increased every year but some progress has been made in terms of decreasing the amount of data exposed. The year 2015 saw the number of exposed records rise to 113 million which was an unfortunate year due to several large breaches. However, since then, the amount of data exposed has gone down significantly.

On the other hand, the cyberattacks on the healthcare industry are now spreading across the globe since many developing countries are digitizing their healthcare systems.

The rapid adoption of digital systems, the high-value of health data, and the complexity and breadth of the healthcare industry, make securing patient data a major persisting challenge.