Healthcare industry in January reported 958,000 records breached

In the first month of 2021, healthcare providers, insurers and their business associates reported nearly 958,000 patient records breached.

The largest breach reported in January affected roughly 640,000 patients at Abilene, Texas-based Hendrick Health.

Last year’s largest breach compromised data on nearly 1.3 million patients.

Hendrick Health on Jan. 15 reported that a hacker may have accessed patient data on the system’s network between Oct. 10 and Nov. 9. The incident, which led Hendrick Health to shut down IT networks in November, may have exposed patient names, Social Security numbers and demographic information, according to a notice posted on the system’s website.

HHS gives HIPAA-covered entities 60 days from when they discover a breach to notify the department, so many of the incidents reported to OCR in January were discovered in November and may have taken place even earlier.

The breach at Hendrick Health did not affect the health system’s electronic health record system.

The second-largest breach reported in January, in which an unauthorized user gained access to three email accounts of employees’ at Roper St. Francis Healthcare in Charleston, S.C., affected nearly 190,000 patients.

As of Feb. 10, HHS’ Office for Civil Rights posted 30 breach reports that organizations had submitted to the agency in January.

Collectively, nearly 958,000 patients had data exposed in those 30 healthcare data breaches, according to OCR. Seven of the breaches compromised data on 10,000 or more patients.

Hacking and IT incidents accounted for nearly two-thirds of breaches reported in January. One breach resulted from loss; the remainder resulted from unauthorized access or disclosure.

In terms of patients affected, January represented a 52.1% increase from January 2020, when organizations reported 49 breaches affecting nearly 630,000 patients. In the month prior, December 2020, more than 4 million patients were affected in 62 breaches.


Liked Liked