The three biggest healthcare data breaches of all time were reported in 2015; two of them were in the year's first quarter.
Here are the five data breaches that affected the most number of individuals this year. Data are pulled from the HHS' Office for Civil Rights breach notification portal.
1. Anthem: 78.8 million individuals affected
In February, Indianapolis-based payer Anthem reported its network had been hacked. The organization learned of the attack in late January when a systems administrator noticed a database query using his identifier code was running, but he had not initiated the query. With 78.8 million records affected, the cyberattack on Anthem is not just the biggest healthcare breach of 2015, but the biggest one to date. Read more
2. Premera Blue Cross: 11 million individuals affected
On Jan. 29, Mountlake Terrace, Wash.-based Premera Blue Cross learned of a cyberattack on its IT systems. The payer notified the public in March, indicating the hack affected 11 million customers, employees and business affiliates. Read more
3. Excellus Health Plan: 10 million individuals affected
Rochester, N.Y.-based Excellus Health Plan reported a cyberattack in September affecting 10 million records. The payer learned of the attack in August, and an investigation revealed the cyberattackers initially accessed the payer's IT systems in December 2013. The breach affects members with Excellus plans and other Blue Cross Blue Shield plan members who sought treatment in Excellus' upstate New York service area. Read more
4. UCLA Health: 4.5 million individuals affected
The protected health information of nearly 4.5 million people was compromised at UCLA Health when hackers launched a cyberattack on the health system's network. The health system learned of the attack May 5 and reported it in July. The initial investigation into the attack suggests the cyberattacker had access to the IT system since September 2014. Read more
5. Medical Informatics Engineering: 3.9 million individuals affected
This medical software company based in Fort Wayne, Ind., was hacked on May 7 and affected 3.9 million individuals nationwide. The company detected the cyberattack May 26 and reported it June 10. Read more
More articles on health IT:
58 EHR contracts, go-lives in 2015
3 of the biggest health IT rivalries: The cloud, EHRs & wearables
HCA's EHR shutdown over the weekend: 4 things to know