Healthcare breaches affecting 3.5M people reported in June
Nearly 3.5 million people had data exposed in healthcare breaches reported to the federal government last month.
That’s up from 2 million who had information compromised in data breaches reported in May.
Yet June had the lowest number of breaches reported in a single month since the start of 2019, with providers, health plans and their business associates reporting 29 to HHS’ Office for Civil Rights, the agency that maintains the government’s database of healthcare breaches. That’s down 40% from the 49 data breaches reported during May.
The vast majority of people affected in June, just under 3 million, had information exposed in a single incident at Dominion National, an insurer and administrator of dental and vision benefits in the Mid-Atlantic. The company notified the OCR on June 21 that an unauthorized user may have accessed some of its computer servers, beginning as early as April 2010.
Absent from the OCR’s breach portal to date are reports from a massive breach at billing collections vendor American Medical Collection Agency, which was publicly disclosed last month.
LabCorp and Quest Diagnostics in June said a data breach resulting from an unauthorized user accessing the vendor’s web payment system between August 2018 and March 2019 had affected nearly 8 million and 12 million of their patients, respectively, but that AMCA had not provided them with information on which patients’ data was exposed.
The data breach sparked a set of investigations and inquiries into AMCA, LabCorp and Quest, including an investigation by attorneys general in Illinois and Connecticut.
An AMCA spokesperson did not respond to a request for comment on whether it had reported the breach to the OCR.