HealthData Management recently reviewed the 10 largest cyber attacks of 2015 in the healthcare setting. The report notes that some of the attacks started in 2014 (focusing on the time period of when the attacks were reported). The total number of victims from these hacks was placed at 109,671,626, which represents about one-third of the population of the U.S. Each hacked organization has offered paid credit and/or identity theft protection services.
The single largest attack was against Anthem Health Insurance,
affecting 78.8 million individuals. The
hack affected all Anthem product lines, compromising names, birthdates, member
IDs, SSNs, addresses, phone numbers, email addresses and employment.
An attack against Premera Blue Cross, started in 2014,
affected 11 million individuals. As with
Anthem, a wide range of member information was compromised, including personal
bank account numbers. Ten million individuals were affected by an attack started
in 2013 against Excellus BlueCross BlueShield, which included members from other
BCBS plans in a 31 county area in update New York. The company said “Individuals who do business
with us and provided us with their financial account information or Social
Security number also are affected.”
UCLA Health detected suspicious network activity in late
2014 and investigated with assistance from the FBI, concluding that the
attackers had not gained access to parts of the network that contain personal
and medical information. In mid 2015, as
part of an ongoing investigation, UCLA determined that attacks had accessed
parts of its network, affecting 4.5 million individuals.
Medical Informatics Engineering, which sells electronic
health records with its NoMoreClipboard subsidiary, found an attack that
involved 3.9 million individuals. The hack
retrieved patient names, user names, hashed passwords, security questions and
answers, email addresses, dates of birth, health information and Social Security
numbers all compromised.
An attack against a single database at CareFirst BlueCross
Blue Shield affected 1.1 million individuals.
The attack was discovered during security work being done in response to
attacks against other insurers. Limited
personal information was said to have been involved in the attack, with no
member Social Security numbers, medical claims information or financial
information put at risk.
In mid 2015 Beacon Health System discovered a phishing
attack that accessed multiple employee e-mail boxes, starting in late 2013. The breach was found by an internal forensic
team after an employee noticed email irregularities, and affected the two-hospital
system and affiliated physicians. St.
Mary’s Health in Indiana discovered a breach affecting 4,400 individuals after
investigating a hack attack against employee email accounts.
Advantage Dental, with 30 clinics across Oregon, discovered
an attack on an internal database that affected over 150,000 individuals. The access was terminated only 3 days after it
was discovered and notifications were sent to affected individuals within 30
days. The intruder accessed the database
through a computer infected with malware.
No comments:
Post a Comment