2021 Healthcare Breaches

It has been a tough year for cybersecurity professionals as hacking groups and ransomware criminals have exposed the records of more than 40 million Americans during an onslaught of 2021 healthcare breaches. As a result, some healthcare data networks were out of service for weeks at a time, potentially compromising quality of care for patients across the country.

As recently as September, the FBI and HHS issued a warning about another newly observed ransomware, and there is growing consensus among cybersecurity professionals that it’s only a matter of time before every company will face a cyberattack. With that in mind, we have assembled a list of the top 10 2021 healthcare breaches to date.

2021 Healthcare Breaches and Cybersecurity Incidents

There seems to be no end in sight to the increasing frequency of cyberattacks. Further underscoring this, all of the top 10 breaches this year were caused by phishing, hacking, and ransomware attacks.

Florida Healthy Kids Corporation Breach Affected 3,500,000 Patients

Florida Healthy Kids Corporation administers the Florida Healthy Kids program, which provides subsidized insurance for children in families whose income is too high to qualify for traditional Medicaid. The non-profit corporation also provides administrative services for the other three KidCare programs. Following a cyberattack announced in January 2021, a subsequent analysis found that “significant vulnerabilities” had existed on the children’s health insurance program website since 2013. As a result, protected health information (PHI) was potentially exposed, including Social Security numbers, dates of birth, names, addresses and financial information.

20/20 Eye Care Network, Inc. Breach Affected 3,253,822 Patients

20/20 Eye Care Inc. is a business associate that offers administrative services to health plans. After the company was notified of suspicious activity in its Amazon Web Services environment, an investigation was launched and the FBI was notified. The investigation found that data may have been removed, including PHI for as many as 3,253,822 patients. A class-action lawsuit was filed against the company in July 2021.

Forefront Dermatology Breach Affected 2,413,553 Patients

After suffering what was termed an “intrusion” on its network server in June 2021, Forefront Dermatology announced that the PHI of some patients had been accessed. “While the investigation found evidence that only a small number of patients’ information was specifically involved, Forefront Dermatology could not rule out the possibility that files containing other patients’ information may have been subject to unauthorized access,” said the company in a press statement. As many as 2,413,553 patient records may have been exposed. The Wisconsin-based healthcare provider has locations in 21 states and the District of Columbia.

NEC Networks, LLC Breach Affected 1,656,569 Patients

NEC Networks is a business associate doing business as CaptureRx. A February 2021 investigation determined that as many as 1,656,569 patient files containing PHI such as name, date of birth, and prescription information were accessed and acquired without authorization.

Eskenazi Health Breach Affected 1,515,918 Patients

Eskenazi Health, an Indiana-based health system, was targeted by cyber criminals in a ransomware attack. After gaining access to the organization’s network, the criminals disabled security measures and stole data, some of which was later released on the dark web.

The Kroger Co. Breach Affected 1,474,284 Patients

Kroger Co., the retail grocery chain, confirmed in February 2021 that it was impacted by a data security incident affecting Accellion, Inc. Accellion’s services were used by Kroger, as well as many other companies, for third-party secure file transfers. Accellion notified Kroger that an unauthorized person gained access to certain Kroger files by exploiting a vulnerability in Accellion’s file transfer service. As a result, up to 1,474,284 patient records from the company’s pharmacy and clinic services may have been compromised.

St. Joseph’s/Candler Health System, Inc. Breach Affected 1,400,000 Patients

A ransomware attack on the S