July 2022 Healthcare Breach Report

Each month, we review healthcare breaches to determine the leading cause and how the incidents could have been prevented. We do so by examining the Office for Civil Rights (OCR) online breach portal. The OCR publicly posts healthcare breaches that affected 500 or more patients to ensure that all affected patients know their information could have been potentially compromised.

July proved to be a month when business associates reported breaches affecting more than double the number of patients’ information as covered entities.
Business associates reported 3,598,456 records breached in July, while covered entities tallied 1,710,049 breached files. Together, data breaches affected 5,308,505 records containing protected health information (PHI) during July. 

In July 2022, there were 57 large-scale breaches reported, 31 of which affected healthcare providers. These 31 incidents compromised the PHI of 1,275,263 individuals, representing 24% of patients affected by the July incidents. 

Business associates reported 16 additional incidents, accounting for nearly one-third of all records breached. Business associate incidents affected 3,598,456 patients, representing 67.8% of patients affected. 

Ten health plans also reported incidents affecting 434,813 patients and representing 8.2% of affected patients. 

In July, 47 breaches resulted from hacking incidents. There were seven breaches caused by unauthorized access or disclosure of PHI, two incidents involving theft, and one as the result of loss of PHI.

July 2022 Healthcare Breaches and Hacking

Cybercriminals are still busy as hacking continued its streak at the top of the list of causes of healthcare breaches in July 2022. The 47 hacking incidents reported in July affected the PHI of 5,177,660 patients. These 47 incidents represented 97.5% of all reported records breached during the month.

Entities affected by hacking:

  • 26 healthcare providers, 1,268,083 patients, 24.5% of patients affected by hacking
  • 14 business associates, 3,560,048 patients, 68.8% of patients affected by hacking
  • 7 health plans, 329,529 patients, 6.7% of patients affected by hacking

Types of hacking incidents:

  • 30 network server hacks, 4,967,305 patients, 95.9% of patients affected by hacking
  • 118 email hacks, 91,894 patients, 1.8% of patients affected by hacking
  • 5 electronic medical records systems hacks, 116,763 patients, 2.3% of patients affected by hacking
  • 1 other causes hack, 1,698 patients, less than 0.02% of patients affected by hacking

Let’s Simplify Compliance

Prevent healthcare breaches by becoming HIPAA compliant today!

Learn More!
HIPAA Seal of Compliance

How to Prevent Hacking Incidents

As hacking incidents have become the leading cause behind healthcare breaches for several years, minimizing your risk of being targeted is crucial.

Security Risk Assessments and Remediation

Security risk assessments (SRAs) are vital for security and compliance. An SRA aims to identify weaknesses and vulnerabilities in your security practices to prepare yourself against potential threats. Once SRAs have been conducted, it is essential to create remediation plans to address any identified deficiencies.

Employee Cybersecurity Training

A significant portion of hacking incidents results from phishing emails. This is why employee cybersecurity training is essential to your organization’s overall security posture. Employees should be trained on recognizing phishing attempts and what to do if they suspect an incident has occurred.

July 2022 Healthcare Breaches and Unauthorized Access or Disclosure

Incidents of unauthorized access or disclosures of PHI can occur in two ways – an authorized employee accesses PHI inappropriately, or an unauthorized party gains access to PHI. In July 2022, six incidents of unauthorized access or disclosure of PHI were reported. These incidents affected 59,224 patients, representing 1.0% of the breached records reported in July.

Entities affected by unauthorized access or disclosure:

  • 2 business associates, 38,408 patients, 71.4% of patients affected by unauthorized access or disclosure
  • 4 healthcare providers, 5,952 patients, 11.1% of patients affected by unauthorized access or disclosure 
  • 1 health plan, 9,424 patients, 17.5% of patients affected by unauthorized access or disclosure

Types of unauthorized access or disclosure:

  • 2 paper/films incidents, 38,408 patients, 71.4% of patients affected by unauthorized access or disclosure
  • 1 other causes incidents, 9,424 patients, 17.5% of patients affected