
The Biggest HIPAA Breaches of 2021 So Far

October 19, 2021

In the month of September 2021 alone, the Department of Health and Human Services (HHS) received 40 reports of data breaches within the healthcare industry.


That’s a total of 1,206,799 people in the United States with compromised protected health information (PHI)...in just one month.


If that doesn’t sound like much, take note that the list of reports only includes data breaches that affect 500 or more individuals — you can imagine how long the list would be if they included incidents that affected fewer than 500 people.


The 2021 Identity Breach Report by Constella found a 51% increase in data breaches and leakages in the healthcare industry compared to 2019. Cybersecurity experts attribute this upswing to the COVID-19 pandemic.


According to Constella CEO Kailash Ambwani, "The COVID-19 pandemic has shown us the fragility of our online infrastructure. As people continue to rely on digital solutions and working from home, both companies and individuals must take new precautions to protect themselves from potential threat actors."


The HIPAA Wall of Shame

Data breaches in the healthcare industry translate to one thing: HIPAA violations.


The HHS’s Office for Civil Rights takes every HIPAA breach very seriously — so seriously that it posts an updated list of breaches of unsecured PHI on the web. The list has an unwelcome moniker in the healthcare compliance industry: The HIPAA Wall of Shame.


We’ve looked into the HIPAA Wall of Shame, and the list was alarmingly long. For the year 2021, here are the top five biggest data breaches among healthcare organizations so far, based on the number of individuals they affected.


Florida Healthy Kids Corporation

Individuals Affected: 3,500,000

Type of Breach: Hacking/IT Incident


The Florida Healthy Kids Corporation kicked off 2021 with not just the largest breach of the year, but the largest one ever reported.


On January 29, the Florida-based health insurer reported that a breach had occurred at Jelly Bean Communications Design, the company that hosted its website as well as the Florida KidCare app.


Investigation reports show that hackers exploited long-existing vulnerabilities in the platform to gain access to a portion of the Florida KidCare application, compromising the PHI of up to 3.5 million people.


The hackers then altered the addresses of thousands of applicants and enrollees. They also potentially accessed other data, such as:


  • Names
  • Dates of birth
  • Telephone numbers
  • Email addresses
  • Social Security numbers
  • Financial information
  • Secondary insurance information


Forefront Dermatology, S.C.

Individuals Affected: 2,413,553

Type of Breach: Hacking/IT Incident


In June 2021, Wisconsin-based Forefront Dermatology, S.C. detected a major breach. Its investigation shows that unauthorized parties gained access to its IT system and to files that contained the personal data and PHI of employees, current patients, and former patients. The breach appears to have taken place between May 28 and June 4.


The information potentially accessed by the unauthorized parties included:


  • Patient names
  • Addresses
  • Dates of birth
  • Patient account numbers
  • Health insurance plan member ID numbers
  • Medical record numbers
  • Dates of service
  • Accession numbers
  • Provider names
  • Medical and clinical treatment information


So far, there is no evidence that the individuals’ Social Security numbers, driver's license numbers, or financial account information were involved.


The Kroger Company

Individuals Affected: 1,474,284

Type of Breach: Hacking/IT Incident


Kroger may look out of place on this list, but the Cincinnati-based grocery chain actually operates 2,254 pharmacies and 224 medical clinics all over the United States.


In January 2021, Kroger was notified that an unauthorized party had gained access to Accellion — the software company Kroger used to securely transfer files — by exploiting a vulnerability in the service. 


Though the incident did not affect Kroger’s own IT systems and grocery store systems, it impacted HR data, pharmacy customer information, and clinic patient information because these were the files that Kroger transferred using the Accellion software. The breached information included:


  • Patient names
  • Addresses
  • Telephone numbers
  • Dates of birth
  • Social Security numbers
  • Insurance claim information
  • Prescription information
  • Some medical history information


According to Kroger’s investigation, the incident did not impact customer passwords, credit or debit card information, and digital wallet information.


St. Joseph's/Candler Health System, Inc.

Individuals Affected: 1,400,000

Type of Breach: Hacking/IT Incident


In August 2021, St. Joseph's/Candler Health System reported a ransomware attack. The Savannah-based organization announced that a hacker had gained access to its IT network sometime between December 18, 2020, and June 17, 2021.


The network breach temporarily disrupted telephone communications, took computer systems offline, and made certain files inaccessible. Unable to access their computer systems because of the attack, St. Joseph’s/Candler staff had to implement emergency protocols and revert to pen and paper to record patient data.


According to investigation reports, hackers gained access to parts of the network that contained files that included patients’ PHI. The files contained patient data such as:

  • Names
  • Addresses
  • Dates of birth
  • Social Security numbers
  • Driver’s license numbers
  • Patient account numbers
  • Billing account numbers
  • Financial information
  • Health insurance plan member IDs
  • Medical record numbers
  • Dates of service
  • Provider names
  • Medical and clinical treatment information regarding care received from St. Joseph's/Candler


University Medical Center of Southern Nevada

Individuals Affected: 1,300,000

Type of Breach: Hacking/IT Incident


In June 2021, University Medical Center of Southern Nevada experienced a ransomware attack that resulted in stolen patient data. The perpetrators appear to be the Russia-based ransomware gang REvil (short for Ransomware Evil), whom the affected hospital described as “a well-known group of cybercriminals that seeks to use the information for commercial gain.”


The attackers seem to have been targeting a server that was used to store patient data. 


Though the hospital said no evidence has been found to indicate misuse of patient information, the forensic investigation confirms that the attack compromised certain files containing patients’ PHI including:


  • Names
  • Addresses
  • Dates of birth
  • Social Security numbers
  • Health insurance information
  • Financial information
  • Some clinical information (medical histories, diagnoses, test results)


The Common Denominator

Did you notice the common denominator on our list? We did.


They all had the same cause of data breaches: Hacking or IT incidents.


In fact, out of the top 100 HIPAA breaches in 2021 so far, 93 were caused by hacking or IT incidents.


Being vulnerable to a cyber attack is no joke. One incident can put your patients’ lives at risk, cost you a lot of money, and take your entire practice down.


Cybercriminals are constantly looking for ways to access your data, and the five HIPAA breaches on our list are proof of that. Malicious actors exploit technology vulnerabilities, employ social engineering, and patiently wait for the perfect opportunity to strike just to get their hands on the data that you handle.


Equip yourself, your practice, and your entire team with the technology and training you need to steer clear of cyber threats.


Partner Up and Avoid the HIPAA Wall of Shame

With cybercriminals using advanced technology, tried-and-tested techniques, and the effects of a pandemic to their advantage, you’re going to need all the cybersecurity help you can get.


Simple antivirus and firewall protection just won’t cut it anymore. You need HIPAA-compliant technology and cyber-literate manpower to keep attackers away from your practice.


Here at ER Tech Pros, we specialize in giving healthcare organizations the IT, cloud, and HIPAA compliance support they deserve. Our entire team of tech and cybersecurity experts is ready to help you.
