Top 10 Cybersecurity Breaches In Healthtech

biggest healthcare data breaches

In the past decade, we have seen a huge increase in Cybersecurity Breaches In Healthtech, the largest of them impacting a huge 80 million people. Data breaches in the healthcare industry expose really sensitive information, like names, security numbers, and addresses.

The motivation behind these attacks is clear. Since the vast advancements in technology have been made, medical pharmacies, hospitals, and insurance companies keep records of really important and sensitive information. This information for cybercriminals is like gold and something they can exploit. What makes matters really confusing is that the healthcare industries even nowadays have weak security. According to a recent report from SecurityScorecard, the healthcare industry is ranked  9th out of other industries in terms of their security rating.

According to a survey in February 2017, healthcare data breaches have affected 26% of US patients or putting into more clear words, one in every four Americans. The survey also found that 50% of the victims suffered medical identity theft, which cost around $2,500. Another point to worry about is that half of the respondents said that they learned of the breach themselves, instead of an official or law enforcement notification.

These are some worrying facts, especially when you think about the reach of the healthcare industry. Nowadays, almost everyone has healthcare records within the healthcare system. So let’s look at some of the biggest healthcare data breaches, and what information was at threat? 

Biggest Data Cybersecurity Breaches In Healthtech and The Healthcare Industry

  1. Newkirk Products (2016)

In 2016, an issuer of healthcare ID cards Newkirk Products announced that there had been a data breach in their systems. This event affected around 3.47 million patients, and also companies like the renowned insurer Blue Cross Blue Shield, one of the largest health insurance providers in the US. Hackers gained access not only to primary care information, but also to personal information like names of dependents, Medicaid ID numbers, premium invoice information, dates of birth,  and ID numbers.

  1. Banner Health (2016)

Also taking place in 2016, a healthcare provider based in Arizona, Banner Health,  gave shocking news about a cyber attack on their systems. The event compromised records of a staggering 3.62 million patients. The discovery came after staff detected unusual activity on the company’s private servers. As a result, Banner hired a cybersecurity firm for investigation and discovered that two attacks took place in which hackers had accessed records of patients and data of payment systems. The compromised data included names, expiration dates, credit card numbers, verification codes, dates of birth, addresses, names of doctors, Social Security numbers, and other healthcare information.

  1. Medical Informatics Engineering (2015)

Halfway through 2015, which had been a year full of healthcare data breaches, Medical Informatics Engineering, which creates electronic medical records software, announced that there had been a data breach, affecting 11 healthcare providers and a huge 3.9 million patients. Affected patients received a notice in their mails, which mentioned that their personal information like names, phone numbers, Social Security numbers, dates of birth, mailing addresses,  diagnoses, and other info had been stolen.

  1. Advocate Health Care (2013)

Another healthcare data breach took place in 2013, this time to Advocate Health Care. They dis-closed that several data breaches, that included at least two involving computer theft. This revealed the personal information and medical records of around 4.03 million patients. What made it even more worrying for the patients was that the news came four years after the loss of unencrypted data, after which, encryption protocols were placed after the incident, but were not deployed at offices that were affected in 2013. In August 2016, Advocate had to pay $5.55 million to settle the lawsuit related to the breach.

  1. Community Health Systems (2014)

In 2014, Community Health Systems, which operates in 200+ hospitals around the US, announced a huge healthcare breach that affected around 4.5 million patients. The cybercriminals exploited a vulnerability in the software, to gain access to Social Security numbers, phone numbers, dates of birth, and addresses. The people affected were among those that had received treatment in the last five years at any of the hospitals that had CHS’s system installed, also any individual who had been referred to CHS by a doctor in that period.

  1. University Of California (2015)

The UCLA Health System was another organization that was attacked by a healthcare breach that exposed sensitive information of patients in 2015. In the middle of 2015, UCLA’s healthcare system announced that hackers had gained access to records of 4.5 million patients. To make matters worse, UCLA admitted that they didn’t encrypt the data of their patients. This admission drew harsh criticism from security experts.

  1. Tricare (2011)

Science Applications International Corporation (SAIC) announced in 2011 that a data breach had taken place affecting approximately 4.9 million military clinics and normal patients who were enrolled in the systems of TRICARE, the federal government’s military healthcare provider. The cybercriminals stole the data from an employee’s car of SAIC. The victims included active and retired military personnel along with their families. Even though there was no financial data at risk, sensitive information like Social Security numbers, home addresses, phone numbers,  and other data was involved.

  1. Excellus Blue Cross Blue Shield (2015)

In August of 2015, Excellus discovered a cyberattack that had put the private information of 10 million members at huge risk. After several successful cyberattacks targeting healthcare data in 2015 as mentioned above, Excellus had a forensic review of its systems. What they discovered turned out to be quite harsh! This was the third-largest healthcare data theft in history, with the breach extending to December 2013, involving medical data like Social Security numbers, and financial and personal information.

  1. Premera Blue Cross (2015)

Yet another one taking place in 2015, Premera Blue Cross announced that a cyberattack had taken place in the systems, exposing the medical information of 11 million patients. Along with other information, the attack had also exposed bank account numbers, dates of birth, Social Security numbers, and information on claims. Premera’s attack was the second-largest healthcare breach ever.

  1. Anthem Blue Cross (2015)

2015, was historically a negative year for healthcare data, and the biggest healthcare breach to date took place. Disclosed on January 29, 2015, Anthem announced that a shocking 78.8 million patient records were stolen. The cyberattack claimed highly sensitive data like names, home addresses, Social Security numbers, and dates of birth. The victims largely included the Anthem health plan members.

Beware Of Cyber Criminals!

This list of some of the biggest cybersecurity attacks in healthcare should serve as a strong reminder to all managers in the industry about the importance of security. Basic cybersecurity like performing comprehensive security analysis, providing employee training, and constantly reviewing information system activity.

Healthcare providers must be up-to-date on what’s going on in their environment and monitor the situation for signs of any suspicious activity. Then, they must have the ability to take immediate action which is why training is crucial. Healthcare companies make a genuine commitment to improving their security operations to avoid the unfortunate events that took place before. 

Read More: Top Artificial Intelligence (AI) Trends In 2022


Muhammad Haroon Mushtaq is a highly skilled and experienced SEO expert. With years of experience in the field, he has a deep understanding of search engine algorithms and ranking factors, as well as a strong track record of success in helping clients improve their search engine rankings and drive traffic to their websites. Whether you are looking to improve your local SEO, optimize your website for specific keywords, or develop a comprehensive online marketing strategy, Muhammad Haroon Mushtaq has the knowledge and expertise to help you achieve your goals. His passion for digital marketing and dedication to delivering results make him a valuable asset to any team or business looking to succeed online. If you are looking for expert guidance on SEO, Muhammad Haroon Mushtaq is an excellent choice. You can follow him on LinkedIn to stay up-to-date on his work and learn more about his experience and expertise in the field of SEO.

Related Articles

Back to top button