The worst HIPAA breaches of fall 2021


HIPAA violations can occur when healthcare providers don’t take proactive steps to prevent data breaches. Not only do you need a robust network security system, but you also need to train employees to prevent mistakes and send HIPAA compliant email.

Otherwise, you could end up on the HIPAA Wall of Shame. Let’s take a look at some of the recent data breaches that led to huge disruptions for healthcare providers.

Healthcare provider downtime

When hackers encrypt entire networks, it can leave healthcare providers scrambling to run their operations.

Take the Maryland Department of Health, for example. When it discovered that its network had been breached, it promptly shut down servers. But this led to the deactivation of its website, which meant patients didn’t have access to their electronic health records (EHR).

An Ohio hospital also suffered from a cyberattack that led to taking down network servers. The hospital spent several days canceling appointments as it tried to restore its network. The patient portal was also not active, which led to patients’ confusion about their care.


Business associates are not free from cyberattacks either. QRS, an EHR vendor, also had a data breach that impacted over 320,000 of its clients’ patients. This is why it’s important for covered entities to make sure a business associate agreement (BAA) is signed to confirm that the HIPAA Security Rule is enforced.

App vulnerability

Business associates also suffered from app vulnerabilities. A Microsoft Power Apps vulnerability led to over 300,000 patients in Denton County, Texas having sensitive data exposed.

Microsoft Power Apps is a HIPAA compliant vendor, as is Microsoft Exchange, which also had multiple zero-day exploits uncovered this year. Covered entities should ensure that any third-party app they use has the proper security configurations in place to help prevent any data leaks.

IP spoofing

The largest network server breach this year affected 1.5 million people. Eskenazi Health was a victim of IP spoofing, a process where a hacker pretends to be using a different IP address. In this situation, the hacker managed to disable network security protections, which made it difficult for the IT team to detect suspicious activity.

Hacking/IT incident

Metro Infectious Disease Consultants (MIDC) was the victim of an email breach that impacted over 170,000 individuals. A hacker had gained access to employee email accounts, possibly by using phishing emails. While the company was able to secure those email accounts, it does serve as a reminder that even small healthcare providers are a target of cybercriminals.

How can healthcare providers protect themselves from cyberattacks?

All healthcare providers, no matter how big or small, need to have multiple layers of security to keep their data safe. Business associates should be aware that they too are a target of cybercriminals and have a responsibility to protect their clients’ patient data.

Some ways that companies can protect themselves from a cyberattack include:

Paubox Email Suite Plus can help healthcare providers send HIPAA compliant email while protecting their inboxes from malicious emails. Our robust inbound security tools will detect and quarantine emails that may contain malware, viruses, or spam.

It’s also easy for your employees to use since it can seamlessly integrate with popular email providers such as Google Workspace or Microsoft 365. You won’t need to use complex patient portals to securely communicate with your patients.

Our HITRUST CSF certified software also includes a BAA at no extra cost. If you want to avoid becoming a cyberattack victim, you should ensure that all of your cybersecurity, including your email, is using best practices.

Try Paubox Email Suite Plus for FREE today.

About the author

Sara Nguyen
