Top 6 Health Data Breaches for 2015 Involve Hacking

By Elizabeth Snell

We are just three months into 2015, and two large-scale health data breaches have already taken place. The Anthem data breach affected approximately 78 million individuals, while Premera Blue Cross’ incident could impact nearly 11 million members and applicants.


What do these two health data breaches have in common? Not only are millions of individuals potentially affected, but each incident was caused by a cyber attack. Both Anthem and Premera reported that a third party inappropriately broke into a database that contained individuals’ sensitive information – and in Premera’s case PHI as well.

A more disturbing fact is that, according to the Department of Health & Human Services (HHS) Office for Civil Rights (OCR), the top six health data breaches for this year so far are all caused by hacking or an “IT incident.” While the Anthem and Premera breaches easily affect more individuals than the next four attacks combined, it is interesting that cyber attacks appear to be the culprit for all of them.

The top six breaches, followed by the date the breach was submitted to the OCR, as of March 31, 2015, are as follows:

Anthem, Inc., March 13
Affected Individuals: 78.8 million

Premera Blue Cross, March 17
Affected Individuals: 11 million

Virginia Department of Medical Assistance Services (VA-DMAS), March 12
Affected Individuals: 697,586

Georgia Department of Community Health, March 2
Affected Individuals: 557,779

Georgia Department of Community Health, March 2
Affected Individuals: 355,127

Advantage Consolidated LLC, March 18
Affected Individuals: 151,626

Following the Anthem data breach, Jim Mapes, Chief Security Officer of BestIT, said in an interview that similar healthcare data breaches were likely to continue. He added that it was not surprising that an incident like that had happened in the first place.

However, security awareness and training throughout the entire healthcare organization is going to be incredibly valuable in terms of prevention.

“Having an employee workforce that’s trained to understand that, and know what suspicious activity is, then they know how to react to it,” Mapes said. “That’s worth its weight in gold as far as prevention.”

Guy Delp, director of Cyber and Data Analytics at Lockheed Martin, also discussed the importance of not only training employees, but ensuring that the right employees are put into place to help prevent cybersecurity issues.

“We believe that many organizations don’t feel confident in their cybersecurity measures because they lack the proper funding and staffing to identify and manage attacks,” Delp said, citing results from a Lockheed Martin cybersecurity survey. “Fifty-six percent of respondents felt that they didn’t have expert personnel. This tells us that organization leaders need to allocate more funding to building up their cybersecurity defense structure and also hire or train additional cyber experts to protect their networks.”

Healthcare organizations might not be able to prevent every third-party cyberattack, but it is essential to be able to detect an issue and then immediately notify the authorities and individuals should an incident occur. We still have nine more months to go in 2015, and will hopefully not continue on the current path of having large-scale data breaches.

