Large Hacking Incidents Increasing Since February

The number of major health data breaches and the number of individuals posted to the HHS “Wall of Shame” so far in 2022 has surged in recent weeks as reports of large hacking incidents continue to flow into regulators.

As of last week, the HIPAA Breach Reporting Tool website shows that 117 breaches affecting about 5.32 million people have been posted in 2022.

That’s an increase of nearly 83% in the number of breaches posted on the HHS site for 2022 and about a 72% surge in the number of individuals affected by those incidents since Feb. 22, when there were 64 breaches accounted for.

Four hacking incidents reported in March are among the 10 largest health data breaches of 2022. Those four breaches alone affected a total of more than 1.2 million individuals.

Hacking Incidents Dominate
The largest breaches added to the federal tally in recent weeks are all hacking incidents. They include:

West Virginia-based Monongalia Health System, or Mon Health, reported to HHS on Feb. 28 a ransomware incident affecting nearly 493,000 individuals. That came right on the heels of a December phishing email breach affecting 399,000 individuals.

Colorado-based South Denver Cardiology Associates reported to HHS on March 4 a hacking incident affecting nearly 288,000 individuals. The breach is still under investigation, and details about the type of hacking incident are not yet reported.

Alabama-based Norwood Clinic, a multispecialty medical practice, reported to HHS on Feb. 25 a hacking/IT incident affecting 228,000 individuals.

Montana-based Logan Health Medical Center, formerly Kalispell Regional Healthcare, reported to HHS on Feb. 22 a hacking/IT incident involving nearly 214,000 individuals. A proposed class-action lawsuit involving the breach was filed earlier this month against Logan Health in a Montana federal court.

Of the 117 breaches affecting 5.31 million individuals added to the federal tally thus far in 2022, the vast majority — 96 breaches affecting 5.14 million individuals — were reported as hacking/IT incidents.

Evolving Trends
Expect the current hacking incident trends involving data exfiltration and ransomware to persist and potentially morph in the months ahead. The expectation for 2022 should be that current trends will continue — notably because of the economic sanctions imposed on Russia and the need to make up that revenue.

If you have questions about hacking, ransomware, and IT security, call ITPAC today.