A new list of top 5 healthcare data breaches?

HCA Healthcare disclosed just last week a massive data breach affecting the information of around 11 million patients, carried out via a breached external storage location. Comprising 182 hospitals and 2,200 care centers across the US and UK, HCA Healthcare is a prominent firm in the industry. In fact, it ranks #62 on the Fortune 500 list of the largest US corporations by total revenue. HCA itself reports treating 37 million patients annually.

Samples of the stolen data (17 files and 28 million database patient records) have been posted to a hacking forum as proof of the thief’s culpability. A standard profit motive changed the hackers’ strategy: once HCA declined to pay whatever blackmail there was, the perpetrators put the data up for sale on the dark web. In full, it includes data like names, addresses, other contact information and certain medical information. The primary value of such data for prospective buyers is, as ever, that it could be used in various types of social engineering schemes, like phishing. In this method of attack, cyber criminals reach out to their target, usually via email or text, posing as an authentic or even trusted contact, all in an effort to dupe the recipient into divulging sensitive information or clicking on a link. Success gives the intruder a foot in the door of the organization’s network, and the opportunity to do further damage.

HCA has begun an investigation into the incident, and has encouraged people to be vigilant about their personal data and on guard against illegitimate contact attempts. In the meantime, the organization will offer credit monitoring and identity theft protection “where appropriate.” Hopefully, “where appropriate” means to anyone among the affected patients who needs it.

At 11 million affected patients, this breach also makes the top 5 list of breaches against healthcare organizations reported to the Department of Health and Human Services Office for Civil Rights. The top spot, of course, remains the 2015 Anthem data breach and the nearly 80 million people wrapped up in that one.

NetLib Security’s Encryptionizer solution protects your sensitive data, rendering it useless to cyber criminals.  Protecting medical information for the healthcare industry is a particular area of strength for NetLib Security, and Encryptionizer is a critical tool for personal health information (PHI) and electronic health records (EHR). No one wants to buy or sell data that has been encrypted.  Encryptionizer provides this protection with out-of-the-box encryption of stored data, with no additional programming or administrative changes required.  Don’t find your own data in stock on the dark web; try a free evaluation of Encryptionizer here.


By: Jonathan Weicher, posted on July 18, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security