EXECUTIVE SUMMARY:

In Nevada, a health insurance firm has publicly reported the theft of patient information, which occurred in November of 2020. Prominence Health Plan only learned of the breach in April of 2021 and is sending letters to individuals whose information may have been compromised.

The leaked data took the form of audio files and letters to patients with claim approvals or denials. Both mediums may have included people’s full names, mailing addresses, and health insurance claim codes. Could cyber criminals leverage this information to blackmail patients and to extort them?

As many as 45,000 clients are expected to receive notices concerning the exposure of their personal information. Those affected will receive credit monitoring and ID theft assistance.

For clients who may experience fraud due to this event, Prominence has established a dedicated assistance line. The data breach did not involve theft of social security or financial information.

Health and Human Services’ reporting

The US Department of Health and Human Services’ HIPAA Breach Tool Website maintains a public list of data breaches affecting the health information of 500 or more individuals.

More than 250 major breaches have been added to the roster since the start of this year, and data shows that over 17 million individuals have been affected. In other words, roughly one in 20 American adults may have personal data floating around the internet.

By the numbers

  • Nearly 70% of the breaches listed this year have been classified as “hacking/IT incidents”
  • The largest healthcare breach of this year targeted Texas-based NEC Networks
  • Since reporting started in 2009, 80% of known large-scale health data breaches involve ransomware, according to expert Susan Lucci

“Breach Complex”

Have you heard of a “breach complex”? It refers to entities that experience similar, related incidents that occur through the mishaps of one specific vendor. A breach complex can expose the information of many individuals affiliated with assorted organizations and can lead to identity theft, extortion threats and beyond.

Other healthcare hacks

In San Diego, more than 125,500 individuals saw their data compromised via a breach that affected San Diego Family Care, a non-profit, California-based community clinics group. More than 294,000 individuals associated with a partner organization were also affected. In a joint statement, the providers noted that they had “experienced a data security incident that resulted in the encryption of certain data”. These twin breaches appear to have occurred due to the security profile of a mutual service provider.

In New York, an attack on the Orthopedic Associates of Dutchess County required the practice to notify 331,400 affected individuals. According to the practice’s management, systems were encrypted. As the attack progressed, patient data was “removed/viewed”.

Most of the US affected?

Since the Department of Health and Human Services started its breach documentation website in 2009, more than 3,977 incidents have been reported. In total, these have affected 290 million individuals. Roughly 328 million individuals reside in the United States. This suggests that over 85% of the US population’s healthcare data has been compromised.

For more information on the Prominence Health data breach, visit ABC news.