These Are North America’s Biggest Healthcare Data Breaches

Healthcare data breaches are, unfortunately, all too common. Roughly 70% of reported breaches that impact over 500 individuals occur with healthcare providers—and once a breach occurs, you’re going to get hit with government penalties and a damaged reputation.

Data breaches in healthcare affected more than 51 million in 2022, up from 49.4 million in 2021. Recent healthcare data breaches typically stemmed from third-party vendors and vulnerabilities in their systems.

It’s all the more important that your organization, as a healthcare provider, ensures that you’re prepared to meet every single type of healthcare cyber attack with leading cybersecurity services and solutions.

Below, we’ll go through the largest healthcare cyber attacks and explain how they happened so that you’re better equipped to protect sensitive patient data from medical data breaches.


The Top 5 Data Breaches In Healthcare History

Tricare – 5 Million Patients Impacted

September 2011 – Tricare provides healthcare services for active-duty military members, their dependents, and retired military veterans. Despite the especially sensitive nature of the electronic medical records of military members and their dependents, Tricare suffered a breach that compromised patient data for over 5 million patients.

This cyber attack on healthcare wasn’t all that “cyber” to begin with—backups were stolen from a car while being transported between facilities.

What was compromised during the breach?

  • Social security numbers
  • Names
  • Addresses
  • Phone numbers
  • Personal health information
  • Clinic notes and lab tests
  • Prescription records

What can we learn from this healthcare data breach?

Beyond avoiding unsafe transportation of backups, you’d do well to check your encryption procedures. Some don’t meet federal standards, meaning that records are at risk. To avoid these issues, ensure that you are compliant with the latest Health and Human Services Office for Civil Rights HIPAA standards.

Community Health Systems – 4.5 Million Patients

April – June 2014 – This hacking incident was launched via malware that entered the system through a software vulnerability. Once they gained access, the hackers were able to collect sensitive information about anyone who had used the facilities in the five years prior to this healthcare data breach.

What was compromised during the breach?

  • Names
  • Birth dates
  • Social Security numbers
  • Phone numbers
  • Addresses

What can we learn from this healthcare data breach?

Your staff needs to be able to identify potential malware and attempts to infect your system with malware—this can be achieved with cybersecurity best practices training and protocols put in place. You also need to consistently test your software and hardware to identify vulnerabilities and remediate them before they can be exploited.


UCLA Health – 4.5 Million Patients

July 2015 – What’s most important to note about this particular healthcare cyber attack is that the attack on its network happened over the course of a year, but the hospital had zero breaches reported in that time.

What was compromised during the breach?

  • Names
  • Dates of birth
  • Social security numbers
  • Medicaid
  • Health plan identification numbers
  • Protected health information

What can we learn from this healthcare data breach?

For not reporting the breach in a timely manner, UCLA Health was issued a $7.5 million fine due to its violation of HIPAA standards.

Always report breaches in the healthcare industry as soon as you discover them. It’s the best way to avoid facing governmental repercussions and mitigate misuse of data.


OneTouchPoint – 4.1 Million Patients

July 2022 – Third-party mailing vendor OneTouchPoint initially reported a breach that impacted just over 1 million individuals, but the count soon expanded to include over 4 million. This recent healthcare cyber attack was discovered when encrypted files were found on the company’s system, and the organization was able to determine that a cyber criminal had accessed certain servers.

What was compromised during the breach?

  • Member IDs
  • Health assessment information
  • Names

What can we learn from this healthcare data breach?

Unlike the healthcare data breaches mentioned above, this one occurred due to a third party having a vulnerability in its systems. That’s why it’s critical that you thoroughly vet (or have a healthcare managed services provider thoroughly vet) who you choose to partner with.



Advocate Health Care – 4 Million-Plus Patients

August 2013 – Advocate Health Care was affected by a series of healthcare data breaches when four personal computers were stolen. The computers held unencrypted medical information for about 4.03 million patients.

What was compromised during the breach?

  • Names
  • Addresses
  • Dates of birth
  • Credit card information
  • Demographic information
  • Clinical information
  • Health insurance information

What can we learn from this healthcare data breach?

Encryption is absolutely vital to protecting your data from all manner of attacks—ransomware attacks, social engineering, stolen hardware. By not encrypting the data, Advocate Health Care was not only in clear violation of the HIPAA data protection standards, but was negligent with patients’ data safety.

As a result, the organization was hit with a $5.5 million fine by HHS in order to send a message to all healthcare providers—you must encrypt your data using the latest cybersecurity best practices. Refer to physical security controls in ISO 27001 for guidelines on how best to protect your patients’ data—even in the event of physical theft.

How to Prevent a Cyber Attack on Your Healthcare Organization

Whether you want to prevent a hospital data breach or protect a small clinic, the approach to protecting patient data is the same: you must be fully compliant with HIPAA standards.

If you fail to meet those standards, large fines can cripple your business on top of the reputational damage your organization will suffer in the wake of a breach.

The single best way to prevent all these calamitous outcomes is to work with a managed services provider who’s experienced in protecting patient data.

That way, you can guarantee that you are in compliance with all relevant standards while benefiting from safeguards like:

  • Around-the-clock monitoring
  • Cybersecurity best-practices training for staff
  • 24/7 support
  • Comprehensive, fast data backup
  • Penetration testing and other vulnerability assessments

Protect Your Organization From Healthcare Cyber Attacks With ISOwire

Take the first step toward safeguarding patient data: Work with a trusted healthcare IT provider. There is no IT partner better suited to help you protect your healthcare data than ISOwire.

On top of leading cybersecurity services for healthcare organizations, when you work with ISOwire, you get:

  • HIPAA-compliant hosting
  • IT support and consulting
  • Managed antivirus
  • Managed secure remote access
  • Remote monitoring and alerting
  • 24×7 help desk
  • Disaster recovery
  • And much more

Intercept any and all healthcare data breaches with the industry’s leading healthcare IT specialists. We’re backed by over 15 years’ experience. Contact us today.
