By Alisa Fetic
By now, we have all come to the collective conclusion that this new decade is destined to be anything but predictable.
Yet even as headlines remain wracked by uncertainty here and recession talk there, the unfortunate reality is that the world of cybersecurity and user confidentiality is at an inflection point beyond even the most austere of reasoning.
In fact, it almost seems as though the one thing that can be predicted with confidence in the 2020s is the almost inevitable leak of user records and confidential data from organizations and institutions we are all encouraged to put unshakable faith in.
So it is with the healthcare industry, which has been beset by data privacy failures both egregious and baffling – and these are only the data privacy failures that have been reported on.
Here are some of the most outrageous data privacy failures in the healthcare industry in 2022.
Shields Health Care Group
Based in Massachusetts, Shields Health Care Group has endured a springtime in 2022 that it would likely sooner forget. That is because, during March 2022, an unknown criminal gained unauthorized access to the organization’s files – the only clue to their presence being unusual network activity.
By the time this was noticed, the damage was done. The criminal obtained the data of over 2 million patients and clients of Shields Health Care Group, up to and including private data and Social Security numbers.
Shields Health Care Group has asserted that it will improve its data security best practices – scant comfort, perhaps, to the 2 million patients affected.
OneTouchPoint (OTP)
A data breach reported to OCR by OneTouchPoint (OTP) in July 2022 was initially thought to affect some 1 million people – itself not an impressive or admirable figure.
Yet as third-party investigations into this healthcare data breach deepened, it was discovered that the problem was even worse than initially realized – actually affecting over 2.6 million individuals.
This data privacy breach occurred due to unauthorized access to OTP’s systems as far back as April 2022, affecting name data, member identification and sensitive health consulting notes from patient appointments.
Professional Finance Company (PFC)
Colorado-based Professional Finance Company (PFC) is an unfortunate example of how players in verticals parallel to the healthcare industry can still have a devastating effect on patients’ lives when security breaches occur.
Believing that it had successfully overcome a ransomware attack in February 2022, PFC later discovered that sensitive data pertaining to client records, accounts receivable balances, Social Security numbers and worse had been stolen by a threat actor.
Since Professional Finance Company has links to over 660 healthcare organizations as clients, it is thought that over 2 million individuals have been affected by this hack. PFC responded by wiping its records and starting over, yet the unfortunate reality is that the data is already stolen.
Novant Health
Oftentimes, healthcare data privacy breaches do not occur due to criminal interference. The cause can just as easily be an unfortunate software glitch.
So it is with Novant Health, which was forced to inform 1.3 million patients of unauthorized disclosure of sensitive protected health information.
No hacker perpetrated this breach – instead, it came about owing to a fault with Meta Pixel, a JavaScript program that was sending reams of private data to Facebook automatically due to being incorrectly configured for use within a healthcare organization.
Baptist Medical Center
Baptist Medical Center, an affiliate of Tenet Healthcare, endured a springtime cyber attack that let a criminal remove the personal details of 1.2 million individual patients from the organization’s records.
These include in-depth health records, Social Security numbers, patient names and addresses – once again, everything a criminal needs to commit fraud or disrupt lives on a massive scale.