Here are the healthcare providers that experienced malware, ransomware and phishing incidents Becker's Hospital Review reported during the first half of 2020.
- University of Florida, UF Health Shands in Gainesville and UF Health Jacksonville all reported email hacking incidents associated with an attack on a business associate that affected thousands of individuals.
- Florida Orthopaedic Institute found that some personal information had been exposed during a ransomware attack on encrypted data stored on its servers.
- University of California San Francisco paid $1.14 million to hackers after a ransomware attack on its medical school's computer servers.
- Miami-based Cano Health reported a data breach that affected 28,268 individuals.
- A data security incident involving Care New England's computer system caused the Providence, R.I.-based health system's website to experience downtime for nearly a week.
- CHI St. Luke's Health-Memorial Lufkin (Texas) began notifying patients June 19 that an unauthorized third party gained access to patients' protected health information in April.
- Netwalker, a ransomware operator that threatens to publish data online if ransoms aren't paid, hacked Springfield, Pa.-based Crozer-Keystone Health System and is auctioning off its data online.
- Albuquerque, N.M.-based Presbyterian Healthcare notified 183,000 patients that their private information was breached in a second email hack last year.
- The email account of an employee at Oswego (N.Y.) Health was compromised by someone not associated with the health system who sent out emails containing a link to a possibly malicious site.
- MU Health Care in Columbia, Mo., notified patients of a data breach that occurred in September 2019, in which students created email accounts with a third party but used the same username and passwords as their university email accounts. The university email accounts containing patient information may have been compromised when an unauthorized user breached the third party's system.
- Rangely (Colo.) District Hospital on June 8 began notifying patients of a ransomware attack on its computer systems April 9 that resulted in the loss of access to several years of patients' medical records.
- University of Utah Health reported June 5 that an unauthorized individual accessed some employee email accounts over a 45-day period earlier this year.
- Palmer, Alaska-based Mat-Su Surgical Associates reported a ransomware attack that affected thousands of patients' information.
- Mille Lacs Health System in Onamia, Minn., reported that select employees fell victim to an email cyberattack that affected thousands of patients' information.
- Post-acute care administrative services support provider Management and Network Services reported an email security breach that exposed information of thousands of its clients' patients.
- Healthcare Resource Group, a revenue cycle management services provider, began notifying patients of Medina, N.Y.-based Orleans Community Health of an email hacking incident that may have exposed patients' personal health information.
- Hartford, Conn.-based Saint Francis Healthcare Partners notified patients of an email hacking incident that affected 38,529 patients.
- Maze hacked and posted online the records of Bellevue, Wash.-based plastic surgeon Kristin Tarbet, MD, and Asheville (N.C.) Plastic Surgery Institute.
- Ascension's Eastwood Clinics in Southfield, Mich., reported a data breach of 999 individuals.
- Parkview Medical Center in Pueblo, Colo., reported it experienced a cyberattack that left its computer network down for at least a week.
- Beaumont Health in Southfield, Mich., reported a hacking incident that affected 112,211 patients through an email breach.
- Houston Methodist Hospital reported 1,987 individuals were affected by the theft of a portable electronic device in April.
- Advocate Aurora Health in Milwaukee reported that 23,137 individuals were affected in a hacking incident related to their email and network server.
- Doctors Community Medical Center in Lanham, Md., reported that 18,481 patients' records were exposed in an email hacking incident.
- Corpus Christi (Texas) Rehabilitation Hospital reported that 507 individuals were affected by an email hacking incident.
- UPMC Altoona (Pa.) Regional Health Services reported an email hacking incident that affected 13,911 patients' records.
- The University of Utah in Salt Lake City reported an email hacking incident that exposed 5,000 patient records.
- Washington University School of Medicine in St. Louis reported an email hacking incident that exposed 14,795 patients' records.
- Merced, Calif.-based Golden Valley Health Centers began notifying 37,900 patients that their protected health information may have been exposed in a phishing attack.
- Hawaii Pacific Health in Honolulu reported that business associates caused a breach of 836 patients' records due to record loss and breached 3,772 patients' records due to unauthorized access to EHR.
- Lakewood Health System reported an email hacking incident exposed records of 1,415 patients.
- Lexington-based UK HealthCare and the University of Kentucky rebooted their computer systems March 8 after a monthlong cyberattack.
- Torrance (Calif.) Memorial Medical Center reported that an incident of unauthorized access to the network server exposed 3,448 patients' records.
- Randleman (N.C.) Eye Center began notifying its patients that their information may have been exposed in a malware attack.
- Fayetteville, Ark.-based Ozark Orthopaedics notified 15,240 patients that their protected health information may have been exposed in a phishing attack.
- Riverview Health in Noblesville, Ind., reported that 2,610 patients' records were exposed due to unauthorized access to paper records.
- Harris Health System in Houston reported the loss of 2,298 paper records.
- In a phishing scheme, hackers impersonated clinicians and executives at Nashville, Tenn.-based Vanderbilt University Medical Center.
- Little Rock-based Arkansas Children's Hospital had to shut down and restart its IT systems after a cyberattack.
- Rady Children's Hospital San Diego reported 2,360 patients' records were exposed due to unauthorized access to its network server.
- NCH Healthcare System in Naples, Fla., reported an email hacking incident that exposed 63,581 patients' records.
- United Regional Health Care System in Wichita Falls, Texas, reported an email hacking incident that affected 1,893 patients' records.
- Phoenix Children's Hospital reported it experienced an email hacking incident that affected 1,860 patients' records.
- Alomere Health in Alexandria, Minn., reported an email hacking incident that affected 49,351 patients' records.
- Lake Success, N.Y.-based Personal-Touch Home Care, a branded home healthcare company that provides services across the state, notified more than 157,000 patients that their information may have been exposed in a ransomware attack against a third-party vendor.
- Bellevue, Wash.-based Overlake Medical Center & Clinics, a 364-bed nonprofit community hospital, began alerting 109,000 patients that their information may have been exposed in a phishing attack.
- Nashville-based Tennessee Orthopaedic Alliance began alerting 81,146 patients that their information may have been exposed in a phishing scheme.
- Decatur, Texas-based Wise Health System began notifying 66,934 patients that their protected health information may have been exposed in a phishing attack.
- Houston-based Fondren Orthopedic Group warned 30,049 patients that their medical records may have been damaged in a malware attack.
- Great Bend, Kan.-based Central Kansas Orthopedic Group began notifying 17,214 patients that their information may have been exposed in a ransomware attack.
- Springfield, Ill.-based Hospital Sisters Health System notified 16,167 patients that their information may have been exposed in a phishing attack.
- Albia, Iowa-based Monroe County Hospital & Clinics began notifying around 7,500 patients that their information may have been exposed in a phishing attack.
- Fort Worth, Texas-based MHMR of Tarrant County began notifying 6,524 patients that their information may have been exposed in a phishing attack.
- Lafayette (Ind.) Regional Rehabilitation Hospital notified 1,360 patients that their information may have been exposed in a phishing attack.
- Shields Health Solutions, which provides specialty pharmacy services to hospitals and other healthcare organizations, has notified 1,277 patients of a phishing attack that may have exposed their information.
- Connecticut health insurer Access Health CT alerted about 1,100 members that their information may have been exposed in a phishing attack.
- UnitedHealthcare disclosed that nearly 1,000 members may have had their information exposed in a data breach.
- Reva, a medical transportation service, alerted 1,000 patients that their information may have been exposed in a phishing attack.
- More than 500 affiliated offices of Boston Children's Hospital had their computer systems shut down after a malware attack.
- New Hyde Park, N.Y.-based Northwell Health began alerting prospective employees about unauthorized individuals falsely using the health system's name.
- Twenty-nine employees at Munson Healthcare fell victim to a phishing attack that allowed an unauthorized third party access to patient data.
- Home healthcare company Aveanna Healthcare notified patients and employees that their information may have been exposed in a phishing attack.
- Hospital software provider NRC Health notified its affiliated hospitals that it was targeted in a ransomware attack.
- South Portland, Maine-based Spectrum Healthcare Partners notified 11,308 patients of an email incident that may have exposed their protected health information.
- Cook County (Ill.) Health began notifying 2,713 patients that their personal information may have been sent to a third-party vendor who did not have a business agreement with the health system at the time.
- An unauthorized third party gained access to some computers at Manchester (Conn.) Ophthalmology and attempted to encrypt information with ransomware.