Biggest Healthcare Data Breaches (And What You Can Learn From Them)

Medicus IT

By Medicus IT

Medical records are extremely enticing to hackers and thieves for two main reasons.

According to Pat Calhoun, senior vice president of network security at Intel Security in an interview with The Atlantic, one reason is that medical information has a higher black market value than credit card information. While you can cancel a credit card, the process for resolving medical ID theft is much more complicated.

Hackers also know that the medical industry is further behind the financial industry in terms of dealing with stolen data, making it easier to obtain and use.

Now, more than ever, healthcare companies and organizations must prioritize the security of their networks.

Otherwise, they may end up falling into the same trap as the following companies:

Biggest Healthcare Data Breaches

Anthem Blue Cross 

78 million affected 

January 2015

Over a few weeks in January, hackers stole nearly 80 million individuals personal information from Anthem Inc. While an investigator would eventually determine that the problems in their systems were common among companies containing data of that size, Anthem did eventually settle several civil class-action lawsuits to the tune of $115 million.

Office for Civil Rights Director Roger Severino said the following, "The largest health data breach in U.S. history fully merits the largest HIPAA settlement in history. Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people's private information."

The lesson here: just because other companies of your size aren't taking the necessary precautions doesn't mean you shouldn't either. Only compare yourself to another company if you're trying to improve your security.


Premera BlueCross

11 million affected 

January 2015

While Premera Blue Cross did make their data breach public (as they should), they were also accused of willfully destroying evidence that would be crucial for finding out details in the security breach. This should go without saying, but if you ever have a data breach, you must comply with the investigation of the breach.

Failure to do so will result in more trouble down the road. If you are hacked, one of the first steps in the aftermath is to identify what went wrong. The investigation will help you find the answer and will hopefully prevent a breach from happening again in the future.


Excellus BlueCross BlueShield

10 million affected

September 2015

Excellus spent over four years dealing with class-action lawsuits in regards to their data breach that harmed 10 million members.

Uffda. Not fun.

Maintaining a defensive position throughout, saying that they did not act negligent, the company spent valuable time and resources dealing with all the legal issues that came from the breach. The advice here is pretty simple — make sure you have the proper security systems in place to deal with hackers. Otherwise, you may be spending a lot of time dealing with the fallout.



4.9 million affected 

September 2011

Not only do your internal security systems need to be rock solid to avoid data breaches, but everyone within the organization needs to be smart and careful in terms of how they handle the data.

TRICARE learned that the hard way in September of 2011. The data from this breach was stolen from one of the Science Applications International Corporation employee's cars (the company in charge of overseeing TRICARE's security).

When it comes to handling confidential, valuable, and personal information from patients, clients, or whoever, your job of keeping this information safe doesn't end when you sign out of your computer. It carries over to when you clock out as well. Be wary of digital data, storage devices, and hard copies too.


The University of California, Los Angeles Health

4.5 million affected 

July 2015 

Another example of how long these lawsuits can carry on for, UCLA health JUST reached a settlement in March of 2019 on their lawsuit for a breach that occurred in 2015. Once again, this goes to show how important it is to take care of your data.

In addition to putting hundreds, thousands, or millions of people at risk of having their information stolen, the aftermath is long and expensive.

Medicus IT — Your Healthcare IT Expert

Through our HIPAA security/compliance, monthly reporting, risk assessment, and application integration we can help establish a strong, connected security system with our healthcare clients.

If you're ready to ensure that your IT systems are not only HIPAA compliant, but also secure and safe from hackers — contact us today.

Healthcare IT. It's what we do.