Cyber breaches in 2016 compromised more than 12 million records according to the “2016 Year-End Healthcare Cyber-Breach Report” released recently by cybersecurity defense specialist TrapX Security. The research, which was conducted by the company’s TrapX Labs division, indicates that the continued wave of cyberattacks impacting healthcare institutions in the United States increased by 63% year-over-year to a total of 93 major attacks. The data also shows sophisticated cyberattackers now are responsible for 31% of all major HIPAA data breaches reported in 2016, which is a 300% increase in the last three years.
Following are the top 10 healthcare cyberattacks of 2016, based on the number of protected health information data records breached. The dates are not necessarily based upon the date of the attack but on the date when mandatory reporting to the Department of Human Health and Services, Office of Civil Rights, was submitted.
- Banner Health: In August, this health system reported that approximately 3,620,000 patient records were breached, making this the single largest healthcare data breach reported so far in 2016.
- Newkirk Products: Also in August, this company, which is part of Broadridge Financial Solutions, was attacked, and approximately 3,446,120 records were potentially compromised.
- 21st Century Oncology: In March, 21st Century Oncology was breached and approximately 2,213,597 former and current patients were affected.
- Valley Anesthesiology Consultants: In August, Valley Anesthesiology Consultants announced it was potentially breached during an ongoing cyberattack that occurred between March 30 and June 13, 2016. 882,590 records were affected.
- Peachtree Orthopedic Clinic: In November, this provider of orthopedic services headquartered in Atlanta, GA, notified 531,000 patients of a cyberattack that had compromised their protected health information.
- Central Ohio Urology Group: In May, the group reported an August 2015 cyberattack that affected 300,000 patients.
- Southeast Eye Institute, P.A. (doing business as Eye Associates of Pinellas): In May, the institute was notified by Bizmatics, a provider of medical practice software serving more than 15,000 medical practices, that it had suffered a breach that impacted 87,314 individuals.
- Medical Colleagues of Texas: Also in May, this facility reported a breach that affected approximately 68,631 individuals.
- Urgent Care Clinic of Oxford: In September, the clinic reported that approximately 64,000 individuals were impacted when the organization was breached.
- Alliance Health Networks: In February, this provider reported that one of its patient databases had been left accessible via the Internet; this may have resulted in the protected health information of 42,372 patients being exposed for a period of 30 months.
The “2016 Year-End Healthcare Cyber-Breach Report” shares data on all major U.S. cyberattacks reported from Jan. 1 to Dec. 10, 2016. Some of these breaches may have been ongoing prior to the start of 2016, but to retain consistency, the report only used the official reporting dates to the HHS OCR that fall within 2016. The full report can be downloaded at https://goo.gl/3lBQ5O.