The Biggest Healthcare Data Breaches of 2018 (so far)

Healthcare continues to be a prime target for hackers and cybercriminals in 2018, and they will likely only get more creative, despite better awareness and heightened security protocols among organizations that are prioritizing data and information security more than ever.

And while the healthcare industry is often targeted due to the vast amount of personal data it stores, it’s not the only industry vulnerable to a security breach. No matter the industry you’re in, whether it’s healthcare, insurance, legal, or financial, any time you possess confidential employee and customer data, you are at risk.

This collection highlights some of the biggest breaches – and points out some mistakes to avoid in the future.

1.  Employee error exposed data of 16,000 Blue Cross patients online for 3 months

An employee uploaded a file containing member information to a public-facing website in April, but officials did not discover the error until July. The breach serves as a reminder for organizations to have proper access controls and network monitoring in place, either to prevent these types of errors or to quickly detect improperly uploaded data.

2.  205,000 patient records exposed on misconfigured FTP server

Arkansas-based MedEvolve misconfigured its FTP server and exposed the data of 205,000 patients from two separate providers. MedEvolve’s leak is not unique to the vendor, as misconfigured databases continue to plague the healthcare sector. About 70 to 99 percent of these cases are caused by internal misconfiguration. The issue could be avoided with better internal policies for the organization’s IT infrastructure.

3. 1.4 million patient records breached in UnityPoint Health phishing attack

This is the second breach for the health system this year, and the biggest health data breach of 2018 in the U.S. According to the notice, the health system’s business email system was subjected to a series of targeted phishing emails that looked like they were sent from an executive within the company. An employee fell victim to the emails and opened them, which gave hackers access to internal email accounts from March until April.

Securing Confidential Records and Data

  • No matter the type of industry you work in, a data breach can happen to you. If you’re required to retain client and patient records for years after they’ve been active, it’s important to employ a secure, offsite document storage provider who can ensure those archived records are kept safe until they are ready to be destroyed. This ensures that your confidential documents are not accessible to wandering eyes or at risk of an accidental information leak.

  • Along with securing hard copy records, it’s important to ensure that your electronic document management software is HIPAA compliant, allows you to create secure document workflows, and lets you set permissions so that information is only accessible to those with authority to view it.

  • Storing information in the cloud is a practical and popular solution, but if a cyberattack occurs, will your information be vulnerable? Data vault storage is the safest way to make sure sensitive company data doesn’t fall into the wrong hands.