Cyberattacks hit Kaiser Permanente and an Arizona hospital

Dive Brief:

  • Following a dizzying rush of healthcare data breaches this year, Kaiser Permanente and the Arizona-based hospital Yuma Regional Medical Center both announced in June that hacks in April had exposed the data of roughly 770,000 patients combined.
  • About 700,000 patients’ Social Security numbers and medical information were compromised in the Yuma cyberattack, while nearly 70,000 patients’ full identities and lab results may have been revealed in the Kaiser Permanente intrusion.
  • The two cybersecurity incidents come after the biggest healthcare cyberattack of the year, which took place in March and compromised the data of almost 2 million patients at facilities connected to the Shields Health Care Group, a company based in New England.

Dive Insight:

According to a statement Kaiser Permanente sent to patients, members of Kaiser Foundation Health Plan of Washington were informed in June that an unauthorised party had accessed an employee’s emails on April 5 and that patient data, including first and last names, dates of service, laboratory test information, and medical record numbers, was potentially exposed.

Although the emails were exposed, the health giant said there was “no indication” the party had actually accessed patient data, and email access was immediately reset and terminated.

At Yuma Regional Medical Center, internal hospital systems were compromised by ransomware between April 21 and April 25, allowing access to patient data. Although the health system said it responded immediately to the discovery by contacting law enforcement and hiring a third-party forensic company, the hospital said that a subset of files containing patient information, including names and Social Security numbers, was removed and made public as a result of the incident. In response to the incident, the system provided free credit monitoring and identity theft protection services to affected patients, according to a system announcement.

The hacks are the most recent in a string of significant healthcare data breaches that have occurred over the past year. Examples include Florida-based North Broward Hospital District’s breach in October 2021 that affected 1.3 million patients and health system Tenet’s cybersecurity incident that briefly disrupted operations in April.

According to the HHS Office for Civil Rights webpage, which publishes a list of healthcare breaches affecting 500 patients or more, nine cybersecurity incidents involving healthcare have been reported thus far in June alone.

According to cybersecurity company Critical Insights, a record 45 million patients were affected by healthcare cybersecurity breaches in 2021, more than quadruple the number of patients affected by data breaches in 2018.