Case Study - 2021

2021 Healthcare Breach

With Covid 19 still looming over our heads, in February 2022 it is important to find a way to protect our sensitive Personal Health Information. In 2021, Fierce Healthcare reported Critical Insights found "45 million (instances of) individuals (that) were affected by healthcare attacks." 

The HIPAA Journal reports that of the approximately 700 breaches of 2021, "44,993,618 healthcare records have been exposed or stolen, which makes 2021 the second-worst year in terms of breached healthcare records."  The firewall vendor Accellion was breached, totaling 3.51 million records stolen. "Four vulnerabilities in the legacy Accellion File Transfer Appliance (FTA) were exploited and more than 100 companies were affected, including at least 11 U.S. healthcare organizations. Basically, the services were being used to transfer large file sizes, that couldn't be communicated through email.

The well known Kroger Co. grocery chain and operator was hit hard with the Accellion breach. Over "1,474,284 individuals, names, contact information, Social Security numbers, insurance claim information, prescription information, and some medical history information was stolen in the attack." Kroger settled the lawsuits that resulted from this attack for $5 million.

A specific healthcare breach of a covered entity, reported to HHS Office, was the hacking incident of the Florida Health Plan, Florida Healthy Kids Corporation (See the HIPAA Journal). It resulted of a failed patch to their own internet site for a period of 7 years. This created an easy way for hackers to get in and steal, "highly sensitive information such as Social Security numbers and financial information." If you want to find more information about the different cyber attacks of 2021 specifically targeting healthcare information, check out the HIPAA Journal for more information.