Healthcare: Hacking Dominates Healthcare Data Breaches (November 2020)

Healthcare Data Breaches: OCR Reported (November 2020)

Of the 1.2 million patients who had their data stolen and exposed in November 2020, half of these healthcare data breaches were attributed to just three separate incidents.

In November 2020, 48 data breaches were submitted to HHS’ Office for Civil Rights. These reports came from from insurance providers, healthcare providers and associates. OCR reported these incidents to the federal government.

Healthcare Data Breaches November 2020

AspenPointe, a mental healthcare provider out of Colorado Springs reported the largest data breach on November 19. 295,600 patient records were compromised. This was attributed to hacking and IT incidents as being the origin of the breach.

Naturally, due to the staggered reporting of data breaches, some of these breaches may have taken place earlier than November. Entities covered by HIPAA are allowed a 60 day window from data breach discovery to reporting. Data breaches reported to OCR may have taken place in September or earlier.

Hacking and other IT incidents accounted for half of these OCR reported breaches, with a further 24 breaches being the result of theft, loss of data, improper disposal and unauthorized access or disclosure.

Healthcare data breaches table (November 2020)

Note: Listed by number of patients affected

11/19/2020  AspenPointe: healthcare provider. Network servers & associated data targeted. 295,617 healthcare patients affected by hacking or IT incidents.
11/05/2020  Lawrence General Hospital: a healthcare provider. Network servers & associated data targeted. 176,587 healthcare patients affected by hacking or IT incidents.
11/04/2020  Alamance Skin Center: a healthcare provider. Electronic medical records targeted. 100,000 healthcare patients affected by loss of data.
11/13/2020  Mercy Iowa City: healthcare provider. 92,795 healthcare patients affected by hacking or IT incidents. emails were targeted.
11/20/2020  Bayhealth Medical Center: healthcare provider. Network servers & associated data targeted. 78,006 healthcare patients affected by hacking or IT incidents.
11/25/2020  Tufts Health Plan: health plan. Emails targeted. 60,545 healthcare patients affected by hacking or IT incidents.
11/06/2020  Advanced Urgent Care: healthcare provider. 58,823 healthcare patients affected by unauthorized access or disclosure incidents.
11/04/2020  Methodist Hospital of Southern California: healthcare provider. Network servers & associated data targeted. 39,881 healthcare patients were affected by hacking or IT incidents.
11/23/2020  One Touch Point: business associate/consultant. Paper records or films targeted. 28,658 healthcare patients affected by unauthorized access or disclosure.
11/06/2020  Healthcare patients Incorporated: healthcare provider. Emails targeted. 27,500 healthcare patients were affected by hacking or IT incidents.
Only breaches affecting 500 or more individuals are reported
Source: HHS, Office for Civil Rights, breach report at ocrportal.hhs.gov/ocr/breach/breach_report.jsf

CybX Security LLC Logo

Safeguarding Facilities, Patient Care & Medical Devices

CybX is a full service technology provider that protects all healthcare organizations and providers with a powerful set of custom configured solutions, delivering Quantum Safe encryption designed to Protect Data First. CybX delivers resilient solutions that prevent network threats from accessing data or infrastructure, and secures mobile devices through disruptive apps.

CybX Security ensures a safe, secure computer-based operating environment, adhering to strictest standards and compliance.

Leave a Reply

Scroll to top
CybXSecurity
Cart
  • No products in the cart.