Skip to content Skip to navigation

Nearly 130K Records Breached in July with TheDarkOverLord as Main Culprit

August 11, 2016
by Rajiv Leventhal
| Reprints
Twenty-eight percent of breaches in the month involved hacking or ransomware; some go unreported for years
Click To View Gallery

A total of 39 incidents and 126,930 records breached in the U.S. involving protected health information or medical/health information were either disclosed or reported in July, according to The Protenus Breach Barometer.

The Protenus automated patient privacy monitoring platform analyzes user behavior to detect and resolve Health Insurance Portability and Accountability Act of 1996 (HIPAA) violations. It’s a monthly snapshot of reported or disclosed breaches impacting the healthcare industry, with data compiled and provided by

After an unheard of 11 million patient records were breached in June, July's number of total records breached is back down to April’s levels (though nearly half of U.S. states had at least one healthcare data breach incident this month). The growing impact, costs and rate of breaches illustrates how vulnerable the healthcare industry remains. In July, Oregon Health and Science University and The University of Mississippi Medical Center paid fines of $2.7 million and $2.75 million, respectively, to the HHS Office of Civil Rights (OCR) for HIPAA breaches and alleged violations.

What’s more, the largest single breach of 23,565 was, once again, the work of the hackers known as “TheDarkOverLord.”  Forty-six percent (18 incidents) of breaches in July were insider incidents, including both accidental and intentional wrongdoings. Twenty-eight percent (11 incidents) of breaches involved hacking or ransomware, including the two databases put up for sale by the TheDarkOverLord on the dark web. 

Interestingly, paper records were involved in nearly 25 percent of incidents, with some records just carelessly left behind or lost. Business associates or vendors continue to be a source of concern and accounted for 24 percent (9 incidents), according to the findings. Eighty-seven percent of breaches were healthcare providers (34 incidents), followed by 8 percent breaches of health plans (3 incidents), 2.5 percent involving a business associate or vendor (1 incident), and 2.5 percent from a U.S Army prison hospital (1 incident).

Furthermore, the average time lapse between when a breach occurred and when the breach was reported is just over two years (25.5 months) for the 16 breaches in July where the exact time interval is known. This interval data confirms that breaches often go on for months or years before they are publically reported. The longest time elapsed from breach to report was over six years. Six organizations reported within three months.  

Not even halfway through the month, August has already seen a few major data breaches in the industry. Last week, Phoenix-based Banner Health, one of the largest healthcare systems in the U.S., announced that it is notifying approximately 3.7 million individuals about a breach in which cyber attackers gained unauthorized access to computer systems that process payment card data at food and beverage outlets at certain Banner locations. And on August 5, Albany, New York-based Newkirk Products, a BlueCross BlueShield business associate that issues healthcare ID cards for health insurance plans, reported a cyber security incident involving unauthorized access to a server containing approximately 3.3 million plan members’ personal information.



CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.