top of page
  • Writer's pictureIrma Rastegayeva

The Biggest Healthcare Breaches of The Last Year

Updated: Oct 24, 2020

Cybercrime is a multi-billion dollar industry.

Healthcare records are particularly prized because of the wealth of information that they provide. For example, the AMCA data breach exposed over 22 million records, counting today as the biggest breach to affect third parties.

In this post, we’ll run through the AMCA breach, and some of the other biggest healthcare breaches of 2019.

The AMCA Data Breach

This breach revealed the information of 22 million Americans. It seems that the hackers hit the motherload. They got away with:

  • Names

  • Addresses

  • Email Addresses

  • Medical Information

  • Social Security Numbers

  • Credit Card Numbers

The company has since filed for bankruptcy as a direct result of this hack. The hack was only discovered because of the high number of fraudulent charges appearing on clients’ statements. We still don’t know the full impact of the breach.

The lesson that we should learn from this is that breaches can have far-reaching effects. They might even result in the closure of your business.

The Dominion National Breach

The Dominion National Breach saw the records of 2.9 million Americans being exposed. That doesn’t sound too bad, until you consider that the breach occurred over a period of nine years. Too many companies believe that cyber criminals hit just once and move on.

This breach shows that the exact opposite is actually true. Instead of leaving, the hacker left themselves a back door. This allowed them to dip back in and out as they pleased.

The hackers got:

  • Full names

  • Social Security Numbers

  • Bank Account Numbers

  • ID Numbers

  • Taxpayer Numbers

  • Addresses

  • Email Addresses

The lesson we should learn from this is never to be complacent. The hacker hid their tracks well, but it’s inconceivable that a company with a good cybersecurity system in place could have missed the mark so badly. Regular testing of the company’s systems is now crucial.

The Inmediata Health Group Incident

We’re labeling this an incident rather than a breach. The problem here wasn’t a hacker but rather a bad configuration of the company’s website. The outcome is the same, though. The details of over 1.5 million clients were exposed.

The company doesn’t believe that the information was accessed, but how do we know for sure?

Fortunately, there wasn’t much sensitive data exposed. That said, some social security numbers were amongst the unprotected information.

The lesson that we should learn from this is that you should be sure your website doesn’t have any holes.

The UW Medicine Incident

The numbers for this one come in at just over 970,000 member’s information being exposed. Again, the reason for the breach was user error. A misconfigured server left the information of clients exposed.

What is frightening here is that the company was notified just after Christmas in 2018. The information remained online until the tenth of January 2019. The company brought up an interesting observation.

While they could remove their data easily enough, the problem was that it was floating around on Google. Google saves snapshots of sites. If the site is down, it can display these cached items instead.

The lesson that we should learn from this is that you might have more of an issue than you realize. Erasing something off the net is not that simple.

The Oregon Department of Human Services Breach

They’re still tallying the number of victims here. The Oregon DHS serves around 1.2 million people, though. What’s frightening about this breach is that the information was attained through phishing. Phishers targeted nine employees to access the information they wanted.

The lesson that we should learn from this is that learning to recognize phishing attempts should be a priority for businesses.

Final Notes

There you have it – the top five breaches in the healthcare industry in 2019.

With hackers able to sell these packages at around $10 per name, even a modest haul of 100,000 could get them $1,000,000.

Cybercrime is big business. And with numbers like these, it’s clear that the healthcare industry is a highly attractive target.


bottom of page