Covered entities, like healthcare providers and health plans, reported the lion’s share of breaches in September – 2,183,302 breached files. Business associates logged 270,538 breached files.
Overall, September healthcare breaches affected 2,453,840 records containing protected health information (PHI).
In September 2022, there were 64 large-scale breaches reported, 46 of which affected healthcare providers. These 46 incidents compromised the PHI of 2,101,013 individuals, representing 85.6% of patients affected by the September incidents.
Business associates reported ten additional incidents that affected 270,538 patients, representing 11% of patients affected.
Five health plans also reported incidents affecting 82,289 patients, representing 3.4% of affected patients.
53 breaches resulted from hacking incidents. There were seven breaches caused by unauthorized access or disclosure of PHI, two incidents involving theft, and two resulting from loss of PHI.
September 2022 Healthcare Breaches and Hacking
Cybercriminals are still busy as hacking continued its streak at the top of the list of causes of healthcare breaches in September 2022. The 53 hacking incidents reported in September affected the PHI of 2,424,060 patients. These 53 incidents represented 98.9% of all reported records breached during the month.
Entities affected by hacking:
- 40 healthcare providers, 2,084,174 patients, 89% of patients affected by hacking
- 8 business associates, 268,642 patients, 11% of patients affected by hacking
- 5 health plans, 71,244 patients, 3% of patients affected by hacking
Types of hacking incidents:
- 41 hacks of network servers and other reasons, 1,558,611 patients, 64.2% of patients affected by hacking
- 6 email hacks, 258,176 patients, 10.7% of patients affected by hacking
- 5 electronic medical records systems and EMR/network server hacks, 592,775 patients, 24.5% of patients affected by hacking
- 1 laptop hack, 1,092 patients, >0.1% of patients affected by hacking