The biggest healthcare data breaches reported in 2020

This year shone a spotlight on cybersecurity, with federal agencies warning in October of an “increased an imminent” cyber threat to hospitals fueled by the COVID-19 pandemic.

But not every security incident was caused by major ransomware attacks, of course. Some costly breaches were caused by much more mundane activities, such as improperly disposed materials or employee snooping.

By law, the U.S. Department of Health and Human Services’ Office of Civil Rights must publish a list of breaches of unsecured protected health information affecting 500 or more individuals. It’s worth noting that not every incident on this list happened in 2020, nor has every incident that took place in 2020 been reported yet.

HIMSS20 Digital

Learn on-demand, earn credit, find products and solutions. Get Started >>

The list also includes both resolved incidents and those still under investigation. More than 10 million individuals were affected by the breaches in the top 10 list alone.

Ultimately, it’s clear that cybersecurity incidents aren’t going anywhere in the coming year – and they may even get more egregious. Here’s a list of the biggest healthcare breaches reported to OCR in 2020.

Name: Trinity Health 
Reported: 9/14/2020
Number of individuals affected: 3,320,726

Trinity’s