The 7 Biggest Healthcare Security Incidents of 2017

Over the past few years, healthcare has proven to be a lucrative target for cyber criminals. The year 2017 exceeded the year before by one healthcare breach per day. In fact, hundreds of breaches occurred, exposing millions of patient records. Here are seven of the biggest breaches that happened in 2017 in the US and around the world.

1. Mid-Michigan Physicians Imaging Center

Just over 106,000 patients of Mid-Michigan Physicians Imaging Center were notified that their personal health information (PHI) had been taken in a successful data breach.

The system that was breached contained house-scanned documents with physician authorizations, orders, scheduling information and other documents. The data included very sensitive information: patient names, Social Security numbers, dates of birth, addresses, phone numbers, medical record numbers and diagnoses.

2. St. Mark’s Surgery Center, Florida

This medical group was hit by a severe ransomware attack in mid-April, but because it did not have an efficient means of detecting and responding to the threat, the attack was not discovered until May 8, when the damage was already done.

The personal health information of 33,877 patients was stolen, including patient names, dates of birth, Social Security numbers and medical information. St. Mark’s worked with a third-party cybersecurity firm to remove the ransomware and conduct a forensic investigation. The firm confirmed to St. Mark’s that the malware was entirely removed and any continued access was blocked. However, the incident was still reported to all impacted patients as well as the HIPAA authorities.

3. Anthem BlueCross BlueShield

Anthem experienced a breach that affected about 18,000 Medicare members. The breach stemmed from Anthem’s Medicare insurance coordination services vendor LaunchPoint Ventures. Without a means to detect internal suspicious activity, an employee was stealing and misusing Anthem and non-Anthem data. The employee emailed a file containing information about Anthem’s members to his personal address on July 8, 2016. The file contained Medicare ID numbers, including Social Security numbers, Health Plan ID numbers, names and dates of enrollment. Officials said limited last names and dates of birth were included.

4. Women’s Health Care Group of Pennsylvania

A ransomware attack affected 300,000 of this organization’s patients and put their PHI in significant danger. On May 16, the health system discovered that a server and workstation at one of its practices were infected by ransomware; further investigation showed they had been infected since January. As the organization did not have a sufficient means of detecting the threat, the hackers were able to use that period of time to collect patients’ names, Social Security numbers, birth dates, pregnancy histories, blood type information, lab results, medical record numbers, insurance information and medical diagnoses. This put sensitive information in the hands of cyber criminals, where it can be sold on the dark web for exorbitant amounts of money.

5. University of California Davis Health

A successful phishing attack at UC Davis Health compromised the health information of about 15,000 patients. Officials discovered the breach on May 15, when an employee responded to a phishing email with his or her email account login credentials. The hacker proceeded to access that account.

Because the employee didn’t have the proper security awareness training, they did not recognize the phishing email as malicious and were unable to avoid the scam. As a result, the hacker was able to access the employee’s email messages and obtain patient PHI. Furthermore, the cybercriminal used the email account to send emails to other staff members requesting bank transfers for large financial sums.

6. Bupa Global Health Insurance

The personal information of 108,000 Bupa customers was exposed after an employee maliciously copied and stole the data. The employee was able to achieve this because Bupa did not have an efficient method of detecting internal suspicious activity. Bupa is an international health insurer that covers people around the world who frequently travel or work overseas.

7. Feinstein & Roe MDs, Los Angeles

A hacker known as TheDarkOverlord was able to obtain sensitive data from this medical organization. The hacker announced the successful hack via Twitter; the data includes names, dates of birth and addresses of nine celebrities who endorsed the provider. For some, Social Security numbers were also listed. The hacker did not specify how the records were obtained; however, the fact that they were meant the medical practice did not have a strong enough security infrastructure or a proper means of detecting threats.


Of course, this is just a small snapshot of the hundreds of healthcare organizations that fell victim to cyber criminals in the past year. It is clear that cyber criminals have made healthcare organizations their primary target. The consequences of a cyber-attack can be detrimental both to patients and to the future success of the medical practice, meaning it’s time for these organizations to enhance their security practices.

