70 Breaches Added to Wall of Shame in Last Month

159 Major Breaches in 2021

About 70 major health data breaches have been added to the federal tally in the last four weeks as ransomware attacks have persisted and breaches at vendors have affected clients.

As of Monday, the Department of Health and Human Services’ HIPAA Breach Reporting Tool website showed 159 breaches affecting a combined total of 12.5 million individuals have been added to the tally so far this year.

That’s up substantially from the 89 breaches affecting 7.3 million individuals that had been added as of March 15.

10 Largest Health Data Breaches Added to Tally in 2021

• Florida Healthy Kids Corp. – 3.5 million
• The Kroger Co. – 1.47 million
• American Anesthesiology Inc. – 1.27 million
• Health Net Community Solutions – 687,000
• Hendrick Health – 640,000
• Trinity Health – 587,000
• Health Net of California – 524,000
• Bricker & Eckler LLP – 421,000
• Total Health Care Inc. – 221,000
• Woodcreek Provider Services LLC – 207,000

The 10 largest health data breaches added to the tally so far in 2021 were all reported as hacking/IT incidents. Five of those 10 largest breaches were reported to HHS after March 25.

At least four of the 10 largest breaches — The Kroger Co., Health Net Community Solutions, Health Net of California, and Trinity Health — stemmed from the December cyberattack on Accellion’s File Transfer Appliance product.

Of all the breaches added to the tally, nearly 68% were reported as hacking/IT incidents; those affect-ed a combined total of nearly 12.1 million individuals.

Vendor Incidents
In 2021, 61 breaches affecting more than 8.2 million people involved Business Associates. As of the end of the first quarter, 36% of the health data breaches involved business associates, but those incidents represented about 64% of the individuals affected by breaches.

Changing Times
Thanks to encryption, multi-factor authentication, and other security policies put in place so far this year, only one breach added to the tally involves the theft or loss of an unencrypted computing device, which was a leading cause of breaches back when the tally originated in 2009.

That lost laptop incident, reported by Florida-based WeCare TLC in January, affected about 2,300 individuals.

If you have questions about how to protect your organization from hacking and cybercrime, call IT-PAC today.