2021 April Healthcare Breaches

Each month, we review the breaches occurring in the previous month to determine what the leading cause of that month’s breaches are. April healthcare breaches affected 2,623,378 patients, with the leading cause behind breaches listed as hacking incidents.

There were 44 healthcare hacking incidents occurring in April 2021, affecting 2,260,008 patients, representing 86.15% of patients affected by April’s breaches. The second most common reason behind April healthcare breaches was unauthorized access or disclosures of protected health information (PHI). There were 17 of these incidents occurring in April 2021, affecting 358,870 patients, representing 13.68% of patients affected. There were also three incidents of loss or theft of PHI, affecting 4,500 patients, representing 0.17% of affected patients.

Additionally, in April 2021:

  • The most targeted entities were business associates, with 11 incidents affecting 1,462,084 patients, representing 55.73% of affected patients
  • There were 44 incidents targeting healthcare providers, affecting 732,776 patients and representing 27.93% of affected patients
  • There were 9 incidents targeting health plans, affecting 428,518 patients and representing 16.33% of affected patients

April Healthcare Breaches and Hacking Incidents

Over the past several months, hacking incidents have been the leading cause behind breaches. April was no different, with 2,260,008 patients affected by hacking incidents. Overall, hacking incidents accounted for 86.15% of patients exposed by April breaches.

These hacking incidents occurred in three different areas:

  • 28 “network server” hacking incidents, affecting 1,777,819 patients, representing 78.66% of hacking incidents
  • 13 “email” hacking incidents, affecting 451,460 patients, representing 19.98% of hacking incidents
  • 2 “other” hacking incidents, affecting 30,729 patients, representing 1.36% of hacking incidents

58.35% of hacking incidents targeted business associates, affecting 1,318,620 patients:

  • Health Center Partners of Southern California: 293,516 patients affected
  • Aloha Practice Management LLC: 3,835 patients affected
  • Winona Agency, Inc.: 4,834 patients affected
  • Maestro Health, LLC: 2,016 patients affected
  • Trinity Health: 586,869 patients affected
  • Bricker & Eckler LLP: 420,532 patients affected
  • Cornerstone Municipal Advisory Group LLC dba Manquen Vance: 7,018 patients affected

Rated #1 on G2

“Compliancy Group makes a highly complex process easy to understand.”

Easiest To Do Business With 2024

30.01% of hacking incidents targeted healthcare providers, affecting 678,178 patients:

  • LifeBridge Community Gastroenterology, LLC dba Woodholme Gastroenterology: 50,000 patients affected
  • Achievement Center of LECOM Health: 1,671 patients affected
  • St. John’s Well Child and Family Center, Inc.: 29,030 patients affected
  • Boston Children’s Hospital: 506 patients affected
  • Hand to Shoulder Specialists of Wisconsin Ltd.: 39,317 patients affected
  • Middletown Ventures Associates, LLC, d/b/a Middletown Medical Imaging: 29,945 patients affected
  • Thrifty Drug Stores, Inc.: 3,958 patients affected
  • SEES Group, LLC: 3,797 patients affected
  • Faxton St. Luke’s Healthcare: 17,656 patients affected
  • Allergy Partners, PLLC: 1,087 patients affected
  • Gifford Health Care: 6,777 patients affected
  • Entrust Medical Billing: 5,426 patients affected
  • Pediatric Associates of Milwaukee: 8,160 patients affected
  • Sapphire Community Health: 4,000 patients affected
  • Baptist Health Arkansas: 16,765 patients affected
  • Health Aid of Ohio, Inc.: 141,149 patients affected
  • Urgent HomeMD: 615 patients affected
  • MailMyPrescriptions.com Pharmacy Corporation: 24,037 patients affected
  • North Country Hospital: 1,905 patients affected
  • Sterling Area Health Center: 3,347 patients affected
  • Neighborhood Healthcare: 45,200 patients affected
  • Midwest Transplant Network, Inc.: 17,580 patients affected
  • HME Specialists, LLC dba Home Medical Equipment Holdco, LLC: 153,013 patients affected
  • Crystal Lake Clinic PC: 37,331 patients affected
  • Harbor Health Services, Inc.: 901 patients affected
  • Atlanta Allergy & Asthma: 9,851 patients affected
  • Southern Orthopaedic Surgeons: 501 patients affected
  • Squirrel Hill Health Center: 23,869 patients affected
  • Fort HealthCare Inc.: 784 patients affected

11.65% of hacking incidents targeted health plans, affecting 263,210 patients:

  • NPS Corporation: 999 patients affected
  • Werner Electric Supply: 720 patients affected
  • Gyrodata Incorporated: 944 patients affected
  • ElderServe Health, Inc. dba RiverSpring Health Plans: 31,195 patients affected
  • Regence: 803 patients affected
  • Cadence Aerospace: 747 patients affected
  • Total Health Care Inc.: 221,454 patients affected
  • Belden Inc.: 6,348 patients affected

April Healthcare Breaches and Unauthorized Access or Disclosure of PHI

In April, there were 17 incidents of unauthorized access or disclosure of PHI. These incidents affected 358,870 patients, representing 13.68% of patients affected by April healthcare breaches.

These unauthorized access or disclosure incidents occurred in four areas:

  • 6 “network server” incidents, affecting 199,264 patients, representing 55.53% of unauthorized access or disclosure incidents
  • 3 “other” incidents, affecting 145,250 patients, representing 40.47% of unauthorized access or disclosure incidents
  • 5 “email” incidents, affecting 10,923 patients, representing 3.04% of unauthorized access or disclosure incidents
  • 3 “electronic medical record” incidents, affecting 3,433, representing 0.96% of unauthorized access or disclosure incidents

46.06% of unauthorized access or disclosure incidents were reported by health plans, affecting 165,308 patients:

  • Wyoming Department of Health: 164,010 patients affected
  • Maritz Holdings Inc.: 1,298 patients affected

39.98% of unauthorized access or disclosure incidents were reported by business associates, affecting 143,464 patients:

  • Virtua Health, Inc.: 2,704 patients affected
  • Administrative Advantage, LLC: 4,852 patients affected
  • Med-Data Incorporated: 135,908 patients affected

13.96% of unauthorized access or disclosure incidents were reported by healthcare providers, affecting 50,098 patients:

  • Minimed Distribution Corp: 1,667 patients affected
  • Doctors Medical Center of Modesto: 1,259 patients affected
  • Jackson County Health Dept: 1,800 patients affected
  • Center for Disease Detection, LLC: 2,436 patients affected
  • Huggins Hospital: 3,616 patients affected
  • Kanan Medical, L.L.C.: 823 patients affected
  • Texas MedClinic: 6,638 patients affected
  • Chautauqua County: 537 patients affected
  • Eastern Shore Rural Health System Inc.: 23,282 patients affected
  • Montefiore Medical Center: 943 patients affected
  • University Health: 2,704 patients affected
  • Harrington Physician Services: 4,393 patients affected

April Healthcare Breaches and Loss or Theft of PHI

In April 2021, there were three incidents reported involving the theft or loss of PHI. These incidents were all reported by healthcare providers, affecting 4,500 patients, representing 0.17% of patients affected by April breaches.

88.09% were reported as theft, affecting 3,964 patients:

  • Unlimited Medical Services of Florida, LLC DBA DNF Medical Centers: 846 patients affected
  • Peak Vista Community Health Centers: 3,118 patients affected

11.91% were reported as loss, affecting 536 patients:

  • Presbyterian Medical Services: 536 patients affected

Prevent HIPAA Breaches

Don’t fall victim to breaches. Protect your business by becoming compliant today!