A major cyberattack rocked the healthcare industry in February when Optum's Change Healthcare was hit by a ransomware gang that claims to have stolen massive amounts of patient data.
That was not the only attack to hit the industry, however. In the first five months of the year, hundreds of thousands of patients nationwide have had their data breached by ransomware gangs.
Here are 12 recent healthcare cyberattacks for ASC leaders to know:
1. Des Moines (Iowa) Orthopaedic Surgeons was hit with a data security incident that affected protected health information. The orthopedic group's network suffered the incident around Feb. 17, 2023, when an unauthorized actor was able to access and remove DMOS files due to a vendor failure.
2. Wichita-based Kansas Joint and Spine Specialists reported a data breach that affected 83,869 patients. Exposed patient data includes names, Social Security numbers, addresses, dates of birth, contact information, diagnoses, health insurance claim numbers, medical record numbers and other unique identifiers.
3. Colorado Ophthalmology Associates experienced a cyberattack that resulted in the encryption and loss of electronic medical record files. The practice, which has offices in Denver and Lakewood, said there is no indication that patients' protected health information was exported or viewed by any unauthorized individual.
4. Malvern, Pa.-based Azura Vascular Care, which operates 70 outpatient clinics and ASCs across 25 states, was affected by a cybersecurity incident. Attackers were able to access systems and encrypted files, causing personal information to be affected.
5. Vail-Summit Orthopaedics & Neurosurgery in Colorado notified patients of a data breach in January. An investigation is ongoing, and the practice found an unauthorized party may have accessed sensitive information, including names, addresses and Social Security numbers.
6. Medical Management Resource Group, doing business as American Vision Partners, experienced a cybersecurity incident affecting patient data. Information that may have been accessed includes names, contact information, dates of birth, medical information and, in certain cases, Social Security numbers and insurance information.
7. Northeast Orthopedics and Sports Medicine in Nanuet, N.Y., experienced a data security incident affecting 177,101 individuals. This data may include patient information such as identifying information, payment and medical record information, health insurance information and treatment and diagnosis information.
8. Bay Area Anesthesia, a division of Envision Physician Services, was affected by a data breach involving Bowden Barlow’s computer systems. Bay Area Anesthesia is a provider of anesthesia services to BayCare Surgery Center in Trinity, Fla. Bowden Barlow is a former third-party legal services provider of Bay Area Anesthesia.
9. Orthopedic Associates of Flower Mound (Texas) notified patients of an email breach possibly affecting patient medical history, Social Security numbers, patient names and financial data.
10. On March 7, Vancouver, Wash.-based Rebound Orthopedics & Neurosurgery filed a notice of a data breach with the attorney general of Montana. The unauthorized party accessed and stole confidential patient information stored on Rebound Orthopedics' computer network.
11. Otolaryngology Associates, a group practice with 13 offices in Indiana, experienced a cyberattack affecting 316,802 individuals.
12. New York City-based Island Ambulatory Surgery Center notified patients of a data security incident that impacted its patients' protected health information. Potentially compromised information includes patient names, dates of birth, Social Security numbers, driver's license numbers, medical information and health insurance information.