More than 40 million people had their health information leaked in 2021

William S. | December 15, 2021

A data breach comes with many negative consequences to the organization, such as financial and reputational losses. However, when cybercriminals launch attacks on health institutions, it puts in danger not only the organization but also patient lives.

According to the recent Atlas VPN team findings, over 40 million people had health information leaked in the United States in 2021 alone. Furthermore, the number of data breaches and patients affected by them has spiked tremendously.

The data is based on the U.S. Department of Health and Human Services Office for Civil Rights database. Health organizations must report any health data breaches that impact 500 or more people to the secretary, which makes them public.

In May 2021, 6.5 million people were affected by 50 breaches in health organizations. 20/20 EyeCare Network reported a significant compromise in May, leaking over 3 million people’s social security numbers, date of birth, and health insurance information. Cybercriminals gained access to its servers that stored sensitive patient data.

In January, hackers stole information of nearly 5.8 million people throughout 29 breaches. Florida Healthy Kids Corporation suffered the biggest data breach of the year (in health organization context), which allegedly affected about 3.5 million people after a cyberattack on its web-hosting platform. Luckily, the further investigation suggested hackers exfiltrated no data.

In July, 5.6 million people’s data was compromised by cybercriminals throughout 64 breaches. In the same month, Forefront Dermatology reported about their data breach, which may have exposed more than 2.4 million patient and employee records. Threat actors accessed specific files containing patient names, addresses, medical record numbers, and more.

Throughout August, another 40 breaches occurred, affecting 5.1 million people. All other months averaged between 1 to 4 million victims of data theft from health organizations, except December, which is still ongoing.

Worrying uprise of cyberattacks

Health institutions are very lucrative targets for hackers as such organizations store an incredible amount of personal patient data. Attackers can sell private information, which is worth a lot of money — making the healthcare industry a growing target.

In 2020, 15.1 million people suffered from health organization data breaches in the United States. In 2021, this number surged by 177% to the heights of 42 million victims. The total number of compromises against health organizations also increased significantly from 257 data compromises in 2020 to a staggering 587 in 2021, a 128% increase. Unfortunately, data leaks would reach 36 billion in 2020.

Data breaches in health organizations can harm patients in several ways. Exposed information can cause tremendous financial losses to a person and disrupt healthcare institutions’ usual services. After a successful cyberattack, hospitals could struggle to provide quality care to the people treated there.

Healthcare institutions have not prioritized cybersecurity because many of them lack the financial resources to do so. However, as more cyberattacks are being launched at hospitals, they are starting to make changes. Healthcare organizations need to take their cybersecurity to the next level, as keeping patient data safe is their responsibility.

If you believe a security breach exposed your information, you can use the Atlas VPN Data Breach Monitor feature. It constantly scans leaked databases and informs you about any past or recent compromises. The feature allows you to review what, when, and where security breaches exposed your information.


© 2023 Atlas VPN. All rights reserved.