Nowadays, the healthcare industry and health data are prime targets for cyber criminals. Recent reports show that healthcare breach incidents are increasing. Cyber criminals are selling health data on the dark web, making you vulnerable to cyber-attacks. Today we will discuss the top 5 healthcare breaches that happened in 2019.
1. 150,000 medical injury claim records exposed by X Social Media Ad Agency: – X Social Media is an ad agency based in Florida. It uses Facebook to advertise various campaigns for its law firm customers. X Social Media exposed nearly 150,000 records. The database was left unsecured and without a password, so anyone with an internet connection could see it. Two security researchers from vpnMentor, Noam Rotem and Ran Locar, found this database left unprotected online and reported it to the company. The researchers discovered the database on June 2, 2019. They reported it to X Social Media on June 5, 2019, but did not get any response. They reported it again on June 11, 2019, and on June 11, 2019 the database was secured by X Social Media. The database included first and last name, email address, street address, phone number, IP address, circumstances of the injury, and an explanation of the injury.
2. Red Deer Hospital’s patient information stolen: – Two hard drives were stolen from Red Deer Hospital. The hard drives were installed in an electromyogram (EMG) and an electroencephalogram (EEG) machine. Information on 6,129 patients may be compromised by this incident.
According to https://www.reddeeradvocate.com “Individuals receiving notification letters will be able to contact a dedicated call-line available through Health Link (811) to ask any questions they may have. Alberta Health Services says it takes the privacy and confidentiality of patient information seriously and has stringent policies in place, including policies pertaining to the electronic storage of patient records. A review of security in the hospital is underway to identify possible enhancements.”
3. Over 400,000 OPKO Health Inc. clients’ health information compromised by data breach: – OPKO Health Inc. is a medical tests and medication firm present in over 30 countries. OPKO Health Inc. says its subsidiary BioReference Laboratories Inc. was notified by AMCA (American Medical Collection Agency) that unauthorized activity was found on its payments page.
Bleeping Computer reports that “According to a filing with U.S. Securities and Exchange Commission (SEC), AMCA told the OPKO Health subsidiary that an unauthorized party accessed the BioReference medical test data of around 422,600 patients between August 1, 2018, and March 30, 2019.”
Breach data included patient name, date of birth, address, phone, date of service, provider, and balance information. Payment information and PII data may also be compromised by this incident.
4. Nearly 2 Million patients were affected by Quest Diagnostics breach: – Quest Diagnostics is a medical testing company located in the United States. Nearly 11.9 million patients may have been affected by a data breach. AMCA says no laboratory test results were breached in this security incident. AMCA says the breached information includes personal information, financial data, Social Security numbers, and medical information. Quest Diagnostics said it has “not been able to verify the accuracy of the information received from AMCA.”
Quest Diagnostics also stated “Quest is taking this matter very seriously and is committed to the privacy and security of our patients' personal information. Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA. Quest will be working with Optum360 to ensure that Quest patients are appropriately notified consistent with the law. We are committed to keeping our patients, health care providers, and all relevant parties informed as we learn more.”
5. Medical info and personally identifiable information (PII) of nearly 137 K people in the United States exposed: – More than 100,000 individuals’ personally identifiable information (PII) and medical information were exposed by a data breach. A security researcher named Jeremiah Fowler discovered this security incident. He found an Elasticsearch database left unprotected on the internet. He noticed the Elasticsearch database on March 27, 2019. The researcher found that the database belonged to SkyMed.
The researcher says “the Elastic database was set to open and visible in any browser (publicly accessible) and anyone could edit, download, or even delete data without administrative credentials.”