Share this article on:
Hacking continues to be a leading cause of healthcare data breaches. There have been 55 data breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) as of March 13, 2017, a quarter of which were attributed to hacking. While unauthorized access/disclosure is the leading cause of healthcare data breaches in 2017 with 44% of the total number of reported breaches, hacking incidents have exposed more records. 260,277 patient and health plan member records have been compromised in hacking incidents – 60% of the total number of healthcare records exposed in 2017.
The two largest healthcare data breaches of the year to date and seven of the top ten healthcare data breaches of 2017 were due to hacking. A network server was compromised in all of those incidents. The largest hacking incident of 2017 impacted 85,995 patients of VisionQuest Eyecare of Indiana. The second largest incident, which impacted 79,930 individuals, was reported by Emory Healthcare and involved a hacked MongoDB database.
Hacked Network Server Discovered by CA-Based Tarleton Medical
The latest hacking incident affects Rancho Mirage, CA-based Tarleton Medical. On January 6, 2017, the medical practice run by Dr. Harold Tarleton, MD, discovered a server had been inappropriately accessed. Upon discovery of the security breach, prompt action was taken to isolate the server and secure patient data. A third-party computer forensics firm was brought in to conduct an investigation to determine the extent of the breach.
On February 2, 2017, the forensics firm determined that the server had been inappropriately accessed by a third party and the PHI of patients was potentially viewed. Information stored on the hacked server included names, addresses, birth dates, healthcare claims information and Social Security numbers.
A breach notice has been submitted to the California attorney general’s office and the Department of Health and Human Services Office for Civil Rights. The latter notification indicates 3,929 individuals have been impacted by the breach, all of whom have been offered identity theft protection and credit monitoring services without charge for a period of 12 months.