A shower of breaches stormed through patients’ protected health information (PHI). In April 2022, there were 44 large-scale breaches reported involving 1,612,672 patients’ data. Most April 2022 healthcare breaches affected healthcare providers, with 29 incidents. These 29 incidents compromised the PHI of 1,496,278 individuals, representing nearly 93% of patients affected by the April incidents.
Business associates reported 10 additional incidents. Business associate incidents affected 23,324 patients, representing just over one percent of patients affected.
Five health plans also reported incidents affecting 93,061 patients and representing 5.8% of affected patients. In April, 40 incidents resulted from hacking incidents and unauthorized access or disclosure of PHI. There were two incidents involving theft, one resulting from loss, and one resulting from the improper disposal of PHI.
April 2022 Healthcare Breaches and Hacking
Hacking continued its streak at the top of the list of causes of healthcare breaches in April 2022. There were 29 hacking incidents reported in April that affected more than one and a half million patients. These 29 incidents represented 96% of the breached records reported during the month.
Entities affected by hacking:
- 23 healthcare providers, 1,449,512 patients, 93.5% of patients affected by hacking
- 4 business associates, 10,526 patients, 0.7% of patients affected by hacking
- 2 health plans, 90,830 patients, 5.8% of patients affected by hacking
Types of hacking incidents:
- 12 network server hacks,1,144,699 patients, 73.8% of patients affected by hacking
- 13 email hacks, 297,136 patients, 19.2% of patients affected by hacking
- 2 other, 55,004 patients, 3.6% of patients affected by hacking
- 1 electronic medical record and other, 297,136 patients, 1.9% of patients affected by hacking
- 1 network server and other, 24,029 patients, 1.5% of patients affected by hacking