Close Close

Life Health > Health Insurance

5 recent data breaches

Your article was successfully shared with the contacts you provided.

Hackers recently attacked the IRS, breaking into its system to steal data on 104,000 taxpayers and collecting up to $50 million in refunds. If that wasn’t painful enough for most Americans to think about, add in the pain from recent breaches of health care data that exposed the personal and health data of millions.

Now the question is not “whose data has been exposed?” but “whose data hasn’t been exposed, yet?”

In fact, the health care industry is experiencing a surge in data breaches, security incidents, and criminal attacks — exposing millions of patients and their medical records — according to the latest Ponemon Institute study.

Who is most vulnerable? Health care organizations including hospitals, clinics, private or public health care providers — also referred to as “covered entities;” and their “business associates,” including patient billing, health plans, claims processing, and cloud services.

Even the US Coast Guard, so proficient at protecting our coastlines, was recently slapped for serious shortcomings in protecting personal health information.

And, of course, you’ve heard the recent news of breaches at Anthem, Premera Blue Cross, and CareFirst.

Speaking of those breaches, the following slideshow identifies at a glance what was compromised. Let’s take a look (and be glad it isn’t longer).

What was exposed in recent breaches?


Thieves got “enough personal information on the taxpayers to get past the security filters on the ‘Get Transcript’ function on the Internal Revenue Service’s website,” said Commissioner John Koskinen. That access during mid-February through May allowed them to gain access to past tax returns. And, presumably, all the data you enter on a return: name, address, Social Security numbers, income, and more.

See also: Are you ready for the cybersecurity talk?

Beacon Health System 

Information on 220,000 of Beacon Health System’s patients and employees could have been compromised, Healthcare IT News reported, “including patient names, ID numbers, Social Security numbers, dates of birth, medical diagnoses, treatment data, drivers’ license information, and other medical-related information.” Apparently attackers gained access to these files via a phishing attack on Beacon employee email accounts in November 2013 and weren’t discovered until January 2015.

See also: Health insurers sail into cyber marshmallow zone


The 1.1 million-record hack of CareFirst, a BlueCross provider in Washington, D.C., occurred last June, and was just discovered recently. The hacked info “may have included member names, birth dates, email addresses and subscriber identification numbers. Additionally, CareFirst warned that the attackers may have acquired member-created user names for accessing CareFirst’s Website,” eWeek reported.

See also: Hackers breach D.C. insurer in latest attack on health company


Potentially exposed data from more than 11 million customers, including names, birthdays, email addresses, physical addresses, telephone numbers, Social Security numbers, member IDs, bank account information, medical information, and insurance claims.

See also: Hacked: Premera Blue Cross says data on 11 million exposed


This breach exposed data including Social Security numbers, addresses, email, employment and income data from as many as 80 million records.

We know what consumers are supposed to do in the wake of a data hack. “Check your bank accounts, monitor your credit” is the advice typically given. And, of course, take advantage of any credit-monitoring services your hacked provider is offering.

But what about the organizations themselves?

See also: Industry plans action after Premera hack


So what can I do? I’m not in IT

Plan and be proactive is the non-technical advice from the good people at LegalTech News. Beefing up your “cyberdefense” takes “a combination of technology, training and process management.”

When, in spite of your IT and security department’s best defenses, a breach occurs, “planning and proactivity can help mitigate the liabilities associated with data loss; this means thinking about the breach in advance, and having representatives from potentially affected departments ready to assess the situation and react accordingly, even if the internal resources needed for cybersecurity defense teams are unavailable.”

And, we suppose, be ready with a credit-monitoring service for your customers.

See also:

Here are 25 tips to both prevent and manage a cyber attack

Cyber attacks cost health system $6 billion annually

Obama issues exec order to fight cyber attacks