Arizona medical data breaches: How many records have been affected in our state?

Are healthcare providers doing enough to protect your personal information?

Hackers are accessing sensitive health data more than ever, and this could directly impact you in Arizona.

Whether you're aware or not, cyberattacks are happening worldwide. Anyone's personal information is at risk at any given time.

"It is so valuable. It's you. Your information is you," said Aaron Jones, a program champion at the University of Advancing Technology in Tempe. He's the lead cyber instructor at the school, where students learn subjects including technology innovation, video game design and cybersecurity.

In this digital age, access is an opportunity for hackers.

"Information is power," Jones warns, and unauthorized access to health data is a red flag for privacy and safety concerns.

You'd think when you give up personal info to a healthcare organization, you're in good hands, but the U.S. Department of Health and Human Services Office for Civil Rights (OCR) operates a database revealing hundreds of breaches across the country in 2021 alone.

These HIPAA-covered organizations include hospitals, doctors' offices, and insurance companies, which must report breaches impacting at least 500 patients.

"You're putting in your name, your social security number, your driver's license, your address, you're giving them information about perhaps things that ail you," Jones said.

Employees of hospital systems and businesses need to be educated on hacking incidents, he says.

"Across the board, we see a lack of training," Jones explained. "We see individuals who are not being stressed with knowledge about not clicking."

Healthcare data breaches surged to an all-time high last year, with 679 breaches impacting 45 million people, according to Critical Insight Cybersecurity. The vast majority of these breaches, 493 of them, involved healthcare providers.

Cases by the numbers

The Office for Civil Rights database shows how many companies have been breached in Arizona: 20 entities are recorded as currently having cases under investigation. Sixteen of them are due to hacking or IT incidents.

Within the last two years, there have been nearly 600,000 records exposed in Arizona.

You may recognize some names, such as Assured Imaging. Nearly 245,000 people were affected by the data breach in the network server.

Cochise Eye and Laser has 100,000 patients compromised due to a hacker. Arizona Asthma and Allergy Institute has just a little more than 70,000 individuals impacted by the same type of breach.

John Komer owns Kraken Cyber Security Group and works as a consultant to several companies.

"What happened in healthcare with remote sessions with telelearning and telemedicine has come along and that pushed more responsibility on patients to protect their own data," he explained, adding that the increased virtual approach to daily routines brought on by the pandemic opened the door wider for hackers.

"So for companies, it's really a challenge to keep one ahead of the bad guys. We call them threat actors," Komer said.

What's the stolen information used for?

Your valuable information can be sold on the "dark web" or used for identity theft.

Komer says cybercriminals can file false Medicare claims, and that by law, healthcare organizations are supposed to notify people affected by a data breach.

"If they haven't protected the data, the release can be really damaging. I've seen clinics and others actually close down because they were not in compliance with federal law, with HIPAA. They got breached and patient records were released," he explained.

We posted a list, which is public record, of HIPAA-covered entities in Arizona whose health data was breached, to hear from someone who could be affected.

"I actually reached out to you right away because I was like, what is going on? I never, unfortunately, received any correspondence from them that this happened," said a respondent, whose name is staying private.

She relies on services provided by A New Leaf, a nonprofit organization helping those experiencing homelessness or domestic violence.

"I don't want to say we're in hiding, but we're kind of in a program that keeps us hidden, and to have our personal information hacked into and stolen is very scary," she said.

A hacking incident in A New Leaf's network server impacted about 10,000 people in December 2021.

How to protect yourself from cybercriminals

Komer says once cybercriminals know your email, you could be targeted with a ransomware attack. Ransomware is a form of malware that encrypts the files on your computer to block your access to them, after which you're told to pay a ransom for the decryption key.

"If you get an email from a healthcare organization asking you for your information, and says click on this link to update it, they don't do that. Don't click," Komer said.

Jones says two-factor authentication is a safe tool, but he recommends using a code generator rather than text messages to keep your information safe.

"What I would not recommend is using the text. That often times tell you, 'Hey we can send you a text to your phone it'll be a six-digit code,' and then you can just put that in. That's actually incredibly weak and very, very vulnerable," Jones warned.

Experts also advise you to find out how trained and prepared your healthcare provider or health insurer is against data breaches.