The worst HIPAA breaches of fall 2021

HIPAA violations can occur when healthcare providers don’t take proactive steps to prevent data breaches. Not only do you need a robust network security system, but you also need to train employees to prevent mistakes and send HIPAA compliant email.

Otherwise, you could end up on the HIPAA Wall of Shame. Let’s take a look at some of the recent data breaches that led to huge disruptions for healthcare providers.

Healthcare provider downtime

When hackers encrypt entire networks, it can leave healthcare providers scrambling to run their operations.

Take the Maryland Department of Health, for example. When it discovered that its network had been breached, it promptly shut down servers. But this led to the deactivation of its website, which meant patients didn’t have access to their electronic health records (EHR).

An Ohio hospital also suffered from a cyberattack that led to taking down network servers. The hospital spent several days canceling appointments as it tried to restore its network. The patient portal was also not active, which led to patients’ confusion about their care.

Business associates are not immune to cyberattacks either: QRS, an EHR vendor, also had a data breach that impacted over 320,000 of its clients’ patients. This is why it’s important for covered entities to make sure a business associate agreement (BAA) is signed to confirm that the HIPAA Security Rule is enforced.

App vulnerability

Business associates also suffered from app vulnerabilities. A Microsoft Power Apps vulnerability led to over 300,000 patients in Denton County, Texas, having sensitive data exposed.

Microsoft Power Apps is a HIPAA compliant vendor, as is Microsoft Exchange, which also had multiple zero-day exploits uncovered this year. Covered entities should ensure that any third-party app they use has the proper security configurations in place to help prevent any data leaks.

IP spoofing

The largest network server breach this year affected 1.5 million people. Eskenazi Health was a victim of IP spoofing, a process where a hacker pretends to be using a different IP address. In this situation, the hacker managed to disable network security protections, which made it difficult for the IT team to detect suspicious activity.

Hacking/IT incident

Metro Infectious Disease Consultants (MIDC) was the victim of an email breach that impacted over 170,000 individuals. A hacker had gained access to employee email accounts, possibly by using phishing emails. While the company was able to secure those email accounts, it does serve as a reminder that even small healthcare providers are a target of cybercriminals.

How can healthcare providers protect themselves from cyberattacks?

All healthcare providers, no matter how big or small, need to have multiple layers of security to keep their data safe. Business associates should also be aware that they are a target of cybercriminals and also have a responsibility to protect their clients’ patient data.

Some ways that companies can protect themselves from a cyberattack include:

Paubox Email Suite Plus can help healthcare providers send HIPAA compliant email while protecting their inboxes from malicious emails. Our robust inbound security tools will detect and quarantine emails that may contain malware, viruses, or spam.

It’s also easy for your employees to use since it can seamlessly integrate with popular email providers such as Google Workspace or Microsoft 365. You won’t need to use complex patient portals to securely communicate with your patients.

Our HITRUST CSF certified software also includes a BAA at no extra cost. If you want to avoid becoming a cyberattack victim, you should ensure that all of your cybersecurity, including your email, is using best practices.

Try Paubox Email Suite Plus for FREE today.

About the author

Sara Nguyen
