Recently in hospitals and laboratories located in the USA, there were 3 massive health data breaches. From 2900+ to more than 52000 patients were affected. You can look through these incidents in order from the most massive breach to the least one.
More Than 50K Patients in Colorado Hospital Suffered From Huge Data Breaches
Montrose Regional Health hospital, which is located in CO, suffered from the breach of e-mail information and reported that they have about 52K of impacted patients. This happened because of the non-detection of the breach from August to October 2021. The hospital explains that access to the specific employee’s e-mail profile was the reason for this issue. Health data breaches go on striking the zone.
On the 25th of February, Montrose Regional Health determined that data from the hacked email contained a lot of individuals’ data, e.g. names of patients and providers, internal numbers of patients’ accounts, dates of service, etc., and information about procedures and payments. So, specialists of the hospital analyzed their security rules and operations, changed passwords of all the accounts, and invoked impacted parties to pay attention to their account bills and suspicious activities, even though they still have no confirmation of data misuse.
BakoDx Reported About Data Breaches, More Than 25K Impacted
Bako Diagnostics, also known as BakoDx, is a laboratory providing service concerning human carcass and its coverings. It detected the suspicious activity and soon found out about the hacking attack. As later appeared, that was happening from 21st till 28th of December, 2021. The hacker got access to the personal data of more than 25000 patients.
The offender possibly deleted personal information about health insurance, bills, claims, and some medical data. Fortunately, BakoDx takes individuals’ data security very seriously, and it has taken measures immediately. The laboratory started the investigation of the incident, contacted relative legislative organizations, and made regulative and preventive steps. Also, Bako Diagnostics extended its security capabilities.
Bako Diagnostics gave free access to services for patients that lost their Social Security or/and state identification numbers, driver’s licenses, personal financial data, etc., so they can monitor their credits.
The Case of Phishing in Michigan Medicine
On the 23rd of December, 2021 someone logged in to the email account of Michigan Medicine’s staff member and started to send phishing letters to patients. About 2900 patients were notified about possible PHI breaches.
When the Michigan Medicine worker found the email profile hacked, he or she immediately addressed the IT department to report the problem. They blocked the account at once. All letters were reviewed to make sure if data of individuals’ could be affected. Nothing testified that the main purpose was to steal patients’ health data, but information theft can’t be excluded. Some letters contained personal, medical, and insurance data.
Michigan Medicine noticed that they’re going to work on their security improvement. As the privacy and safety of their patients are one of their number one priorities. So, they are going to take measures to minimize risks and prevent such breaches in the future.
