Wondering about some of the biggest healthcare data breaches? Do you know if your data may be impacted? Here are the top 10…

10 Biggest Healthcare Data Breaches in the World

A data breach occurs when information is taken from an organization without authorization. This can be hugely damaging for both the individuals and the company affected.

Within healthcare, in particular, a data breach can lead to lost medical records, financial losses for the organization, identity theft, legal action, loss of patient trust, fraud, and loss of control over personal data.

Data breaches have been known to affect millions of people at a time. Have a look at the 10 biggest healthcare data breaches in the world…

1) 78.8 Million People Affected – Anthem Blue Cross

The largest data breach ever recorded within healthcare was discovered in January 2015 by Anthem Blue Cross. Over 78.8 million people were put at risk as personal information was stolen in a cyber-attack that made patient trust in healthcare services plummet.

Affected were millions of members of the Anthem health plan. However, the breach also impacted many independent insurance companies that Anthem worked with. The private data stolen included:

  • Patient names
  • Social security numbers
  • Home addresses
  • Dates of birth

2) 10.4 Million People Affected – Premera Blue Cross

The second-largest healthcare data breach in the world affected over 10.4 million Premera Blue Cross patients. This humongous data breach occurred in 2014 but went unreported for over 9 months.

As this cyber-attack was reported only 6 weeks after the largest data breach in healthcare history, it is believed that Premera Blue Cross was running a system investigation in response to the Anthem Blue Cross cyber-attack when its own data breach was discovered.

Due to the scale of the attack, Premera Blue Cross had to pay the federal government $6.85 million in a settlement. The personal data that was stolen included:

  • Names
  • Addresses
  • Dates of birth
  • Email addresses
  • Social Security numbers
  • Bank account numbers
  • Health plan clinical information

3) 10 Million People Affected – Excellus BlueCross BlueShield

2015 saw many huge data breaches across healthcare services. The third-largest data breach in healthcare hit Excellus BlueCross BlueShield, with an immense 10 million patients being affected by the attack.

After witnessing data breaches in other large health care organizations, Excellus BlueCross BlueShield thoroughly inspected their own systems. During this forensic review, they found that they had been a victim of a massive data breach. It affected 10 million patients and their families and included personal information like:

  • Financial information
  • Medical data
  • Social security numbers

4) 4.9 Million People Affected – TRICARE

TRICARE, a military health care provider, had a data breach in 2011 that affected over 4.9 million people. Science Applications International Corporation was in charge of TRICARE’s data security but was unable to protect the patients’ data after an employee’s car was broken into and the information was stolen.

Among those affected were the patients of many military clinics. No financial data was stolen, but the attackers were able to gain sensitive information regarding both active and retired military personnel, including:

  • Names of employees and their families.
  • Social security numbers
  • Phone numbers
  • Addresses

5) 4.5 Million People Affected – University of California, Los Angeles Health

After failing to encrypt patient data, the UCLA Health System put its patients’ personal information at risk. Due to the lack of security, hackers were able to access 4.5 million patients’ private data, putting them all at risk of identity fraud.

The backlash to this data breach was extreme. Security experts criticized the UCLA Health System, stating that it should have predicted the breach and that the data should have been better protected, and affected patients responded with outrage. A class-action lawsuit was filed in July 2015, which cost the UCLA Health System $7.5 million in a settlement.

6) 4.5 Million People Affected – Community Health Systems

Over 200 hospitals across the US were affected by the 2014 Community Health Systems data breach. The hackers took advantage of weakness within Community Health Systems’ software and gained access to the personal data of over 4.5 million patients who had received treatment at, or been referred to, a CHS hospital over a span of 5 years.

The data stolen in the breach included:

  • Dates of birth
  • Phone numbers
  • Patient addresses
  • Social security numbers

7) 4.03 Million People Affected – Advocate Health Care

A healthcare service named Advocate Health Care suffered from several data breaches in 2013 after some of its computers were stolen. The breach affected 4.03 million patients and included personal information and patient medical records.

Advocate Health Care had to pay $5.55 million in a lawsuit settlement after this breach because the encryption protection that should have been in place had not been enacted after the theft of unencrypted data a few years earlier.

8) 3.9 Million People Affected – Medical Informatics Engineering

A data breach in July 2015 affected over 11 different health care providers and millions of individuals. Medical Informatics Engineering designs and builds electronic medical record software. They work with many large health care providers, which unfortunately led to over 3.9 million people being affected by this data breach.

Medical Informatics Engineering responded to the breach by sending letters to let those affected know their personal data had been lost. The data stolen in this breach included:

  • Patient names
  • Social security number
  • Phone number
  • Email addresses
  • Date of birth

9) 3.62 Million People Affected – Banner Health

Banner Health reported a cyber-attack in August 2016 that affected 3.62 million people. The healthcare provider is based in Arizona and noticed the data breach due to some unusual activity on their private servers.

To identify the cause of this activity, Banner Health hired a cybersecurity team. Throughout the course of their investigation, the team found two separate data breaches in the company.

These breaches left millions of patients, carers, and staff at risk with the hackers acquiring:

  • Patient records
  • Credit card numbers
  • Expiration dates
  • Verification codes
  • Patient addresses
  • Birth dates
  • Social security numbers
  • The names of doctors

10) 3.47 Million People Affected – NewKirk Products

In August 2016, a massive data breach left over 3.47 million people vulnerable. NewKirk Products is a company that produces ID cards for healthcare services like HealthNow New York Inc, Capital District Physicians Health Plan Inc, and Blue Cross Blue Shield. Because they provide ID to some of the largest health insurance providers in the US, the NewKirk Products data breach was particularly damaging.

Overall, the attackers were able to obtain:

  • Medical ID numbers
  • Group IDs
  • Patient names
  • Carer names and any dependents
  • Dates of birth
  • Premium invoice details

Data Breaches Within Healthcare Seem to Happen A Lot!

Overall, these 10 data breaches had a huge impact on many lives, from the individual patients whose personal information was exposed to the organizations that lost time and money that could have gone towards the people in their care.

Although many healthcare companies should be doing everything they can to avoid these eventualities, sometimes these things slip through the cracks. So, keeping your own data as safe as possible is paramount.

Please be advised that this article is for general informational purposes only and should not be used as a substitute for advice from a legal professional. Be sure to consult a solicitor if you have been affected by a data breach. We are not liable for risks or issues associated with using or acting upon the information on this site.