Healthcare Data Breaches: OCR Reported (November 2020)
Of the 1.2 million patients who had their data stolen and exposed in November 2020, half of these healthcare data breaches were attributed to just three separate incidents.
In November 2020, 48 data breaches were submitted to HHS’ Office for Civil Rights. These reports came from from insurance providers, healthcare providers and associates. OCR reported these incidents to the federal government.
AspenPointe, a mental healthcare provider out of Colorado Springs reported the largest data breach on November 19. 295,600 patient records were compromised. This was attributed to hacking and IT incidents as being the origin of the breach.
Naturally, due to the staggered reporting of data breaches, some of these breaches may have taken place earlier than November. Entities covered by HIPAA are allowed a 60 day window from data breach discovery to reporting. Data breaches reported to OCR may have taken place in September or earlier.
Hacking and other IT incidents accounted for half of these OCR reported breaches, with a further 24 breaches being the result of theft, loss of data, improper disposal and unauthorized access or disclosure.
Healthcare data breaches table (November 2020)
Note: Listed by number of patients affected
| 11/19/2020 | AspenPointe: healthcare provider. Network servers & associated data targeted. 295,617 healthcare patients affected by hacking or IT incidents. |
| 11/05/2020 | Lawrence General Hospital: a healthcare provider. Network servers & associated data targeted. 176,587 healthcare patients affected by hacking or IT incidents. |
| 11/04/2020 | Alamance Skin Center: a healthcare provider. Electronic medical records targeted. 100,000 healthcare patients affected by loss of data. |
| 11/13/2020 | Mercy Iowa City: healthcare provider. 92,795 healthcare patients affected by hacking or IT incidents. emails were targeted. |
| 11/20/2020 | Bayhealth Medical Center: healthcare provider. Network servers & associated data targeted. 78,006 healthcare patients affected by hacking or IT incidents. |
| 11/25/2020 | Tufts Health Plan: health plan. Emails targeted. 60,545 healthcare patients affected by hacking or IT incidents. |
| 11/06/2020 | Advanced Urgent Care: healthcare provider. 58,823 healthcare patients affected by unauthorized access or disclosure incidents. |
| 11/04/2020 | Methodist Hospital of Southern California: healthcare provider. Network servers & associated data targeted. 39,881 healthcare patients were affected by hacking or IT incidents. |
| 11/23/2020 | One Touch Point: business associate/consultant. Paper records or films targeted. 28,658 healthcare patients affected by unauthorized access or disclosure. |
| 11/06/2020 | Healthcare patients Incorporated: healthcare provider. Emails targeted. 27,500 healthcare patients were affected by hacking or IT incidents. |
Source: HHS, Office for Civil Rights, breach report at ocrportal.hhs.gov/ocr/breach/breach_report.jsf
Safeguarding Facilities, Patient Care & Medical Devices
CybX is a full service technology provider that protects all healthcare organizations and providers with a powerful set of custom configured solutions, delivering Quantum Safe encryption designed to Protect Data First. CybX delivers resilient solutions that prevent network threats from accessing data or infrastructure, and secures mobile devices through disruptive apps.
CybX Security ensures a safe, secure computer-based operating environment, adhering to strictest standards and compliance.