The healthcare system in America is a modern marvel that is powered by data. As healthcare facilities collect more and more of this personal data from patients, they have attracted the interest of malicious actors online. In fact, in 2020, healthcare data breaches climbed by a whopping 55%.
So, how bad were the biggest medical data breaches in recent history – and what can healthcare providers do to prevent them?
The Worst Recent Healthcare Data Breaches
There are two primary ways to measure damages of healthcare hacks:
- the cost in damages as a result of the breach, and
- the number of people affected.
Note that Forbes estimates the average cost of healthcare breaches to be $3.86 million. Other factors to consider are the severity of the health information breach and the level of sensitivity of the data stolen.
1. Blackbaud Healthcare Data Breach
Most industry experts agree that the Blackbaud healthcare data breach ranks among the most serious. A ransomware attack forced Blackbaud to pay money to protect its clients’ data. Despite allegedly receiving confirmation the stolen data was destroyed, Social Security Numbers and bank account information were still compromised.
This patient data breach affectedmillions of victims across multiple healthcare organizations. Inova Health System alone reported 1,000,000 affected patients. Blackbaud did not disclose how much it paid in ransom money, and ongoing class action lawsuits are likely to raise the overall financial cost of this medical records breach.
However, perhaps the largest cost of a data breach is lost trust. It typically takes years for an organization to regain that trust – if ever.
Want to Ensure That Your Healthcare IT Is Secure?
Eliminate vulnerabilities and deploy industry-leading solutions with True North
2. Magellan Health Hospital Data Breach
Magellan Health was also directly targeted by a ransomware attack. While the breach was extensive, Magellan was able to restore the stolen data from data backups and did not pay the ransom money. This security breach in healthcare also prompted class-action lawsuits.
Most sources estimate that around 365,000 individuals were affected. Both employee records and patient data were compromised in this attack:
- 1099s and W-2 details for workers
- Social Security Numbers
- Taxpayer IDs
- Log-in credentials
- Health insurance account information
- Treatment information
- Physical addresses
3. Luxottica Medical Records Breach
When it comes to recent data breaches in healthcare, Luxottica has the inauspicious recognition of having been the victim not once, but twice of major branches. Both incidents reportedly occurred in the fall of 2020 and one had a direct impact on eyewear patients.
To make matters worse, the system was compromised for four days before the eyewear company noticed the suspicious activity.
The hacker gained access to information through an app Luxottica’s clients and their patients used to schedule appointments. Subsequent investigations found that the hacker likely accessed the following types of data from 829,454 individuals:
- Social Security Numbers
- Credit card information
- Appointment dates and times
- Health conditions
- Notes related to appointments
- Health insurance policy information
What You Can Do To Prevent Healthcare Hacks
Preventing cyber attacks necessitates diligence, vigilance, and a robust cybersecurity array. Hacking incidents have been frequent even before useful innovations like the cloud and telehealth when poorly implemented, open up healthcare to potentially more vulnerabilities.
With that in mind, there are several steps companies can take to reduce the likelihood of becoming a victim of healthcare security breaches.
1. Provide Training on Medical Data Breaches
The number one cause of data breaches in any industry is still human error. In fact, studies show that 90% of breaches are caused by human mistakes, not technical ones. Ensuring compliance with regulations like the Health Insurance Portability and Accountability Act helps not only ensure your organization is safe from healthcare hacks, but also from potentially damaging fines from regulators.
It might also reduce the likelihood of patients filing complaints with the Department of Health. For that reason, many healthcare providers look for support with compliance consulting.
2. Choose Good Allies Against Healthcare Breaches
When you partner with tech companies for apps, cloud computing, and other services, choose wisely. Did the company have breaches in the past? How did it handle it? How long did the breach go undetected? What has revealed in any class action lawsuits or investigations that followed? Choosing tech partners that prioritize data security can help you reduce network vulnerabilities.
Interested in learning more? Check out these blogs:
3. Create a Crisis Plan for Security Breaches in Healthcare
Security breaches in healthcare are preventable, but it helps to have contingencies in place that will help your organization avoid the most severe consequences. Create a crisis plan ahead of time, so you know exactly how to respond:
- Work with a trusted tech company that can assist with investigations
- Have data backup and disaster recovery plans in place
- Prepare templates for the likely statements you will need to issue to clients, patients, or the public
- And more
Develop a Patient Data Breach Prevention Plan With an Expert Healthcare IT Provider
Being able to prevent a hospital data breach or a breach in your organization can be a potentially multi-million dollar investment. As such, you need a partner you can trust.
True North has been working hard for almost 15 years to prevent hospital data breaches. We provide leading cybersecurity services and solutions to hundreds of hospitals and practices under our care. Request us for a free consultation today.