March 2022 Healthcare Breach

Each month, we review healthcare breaches to determine the leading cause and how the incidents could have been prevented. We do so by examining the Office for Civil Rights (OCR) online breach portal. The OCR publicly posts healthcare breaches that affected 500 or more patients so that all affected patients know their information may have been compromised.

Cybercriminals hit a home run with the March announcement of a breach affecting the Major League Baseball Players Benefit Plan, which potentially compromised the protected health information of 13,156 individuals.

In March 2022, there were 30 large-scale breaches reported involving 1,285,716 patients. Most March 2022 healthcare breaches affected healthcare providers, with 21 incidents. These breaches compromised the protected health information (PHI) of 1,070,279 patients, representing just over 83% of patients affected by the March incidents.

Business associates reported three additional incidents. Business associate incidents affected 41,183 patients, representing 3% of patients affected. Six health plans also reported incidents affecting 174,274 patients and representing 13.6% of affected patients. 

March 2022 Healthcare Breaches and Hacking

Hacking continued its streak at the top of the list of causes of healthcare breaches in March 2022. There were 27 hacking incidents reported in March that affected 1,281,269 patients. These 27 incidents represented 99.7% of patients affected by March incidents.

Entities affected by hacking:

  • 21 healthcare providers, 1,070,279 patients, 83.5% of patients affected by hacking
  • 1 business associate, 38,418 patients, 3% of patients affected by hacking
  • 5 health plans, 172,572 patients, 13.5% of patients affected by hacking

Types of hacking incidents:

  • 19 network server hacks, 1,171,815 patients, 91.5% of patients affected by hacking
  • 7 email hacks, 107,960 patients, 8.4% of patients affected by hacking
  • 1 electronic medical record, network server, 1,494 patients, 0.1% of patients affected by hacking

How to Prevent Hacking Incidents

Because hacking incidents have been the leading cause of healthcare breaches for several years, minimizing your risk of being targeted is crucial.

Security Risk Assessments and Remediation

Security risk assessments (SRAs) are vital for security and compliance. The purpose of an SRA is to identify weaknesses and vulnerabilities in your security practices so that you can prepare yourself against potential threats. Once SRAs have been conducted, it is essential to create remediation plans to address any identified deficiencies.

Employee Cybersecurity Training

A significant portion of hacking incidents result from phishing emails. This is why employee cybersecurity training is essential to your organization’s overall security posture. Employees should be trained to recognize phishing attempts and to know what to do if they suspect an incident has occurred.

March 2022 Healthcare Breaches and Unauthorized Access or Disclosure

Incidents of unauthorized access or disclosures of PHI can occur in two ways – an authorized employee accesses PHI inappropriately, or an unauthorized party gains access to PHI. In March 2022, there were three incidents of unauthorized access or disclosure of PHI. These incidents affected 4,447 patients, representing 0.3% of patients affected by March incidents.

Entities affected by unauthorized access or disclosure: