As headlines focus on coronavirus-related scams, the related healthcare industry also continues to be a top target for cybercriminals.
This year alone more than 3 million patient records have been exposed. Here are the top-five healthcare data breaches so far this year.
1. Health Share of Oregon
More than 654,000 patients had their records breached when a transportation vendor for Health Share of Oregon – the state’s largest agency for Medicaid care management – had a laptop stolen. The laptop stored patient names, phone numbers, dates of birth and Medicaid ID numbers but not medical histories.
2. Elite Emergency Physicians
The Indiana healthcare provider Elite Emergency Physicians experienced a data breach after it hired the third-party vendor Central Files to store and dispose of patient files. Instead of being securely disposed of, the patients’ records, including names, addresses, insurance information and medical histories, were discovered unsecured at a dumpsite. About 550,000 patients were affected by the breach.
3. Magellan Health
The Arizona-based healthcare agency Magellan Health experienced a ransomware attack after hackers successfully gained access to a server through a phishing scam. The data breach affected employees by exposing their credentials, passwords and W-2 forms along with information such names, addresses and health insurance account numbers for 365,000 patients.
4. BJC Health System
Another successful phishing attack led to a data breach at BJC Health System and its affiliated 19 hospitals affecting 287,876 patients. The hackers had access to the Missouri-based healthcare system’s email accounts for one day, exposing patient names, treatments, medications and Social Security numbers (SSNs).
5. Ambry Genetics
Headquartered in California, Ambry Genetics became the victim of a hacker who accessed 232,772 patient records over two days through an email breach. The data exposed included names, medical information and SSNs.
What Happens After the Healthcare Data is Stolen?
Medical records not only contain medical histories but also SSNs, addresses, phone numbers and even financial account information. Hackers can sell this stolen personal and medical data on the dark web. With this information, criminals can not only commit medical identity theft but also use the personal information to open new credit cards or other accounts, make fraudulent purchases, change a billing address or even obtain an official ID in the stolen name.