STAT+: Change Healthcare cyberattack drives 2024 into another record year for health data breaches

As many as 172 million individuals — more than half the population of the United States — may have been impacted by large health data breaches reported to the Department of Health and Human Services in 2024, according to a STAT analysis of records from HHS’ Office for Civil Rights. It’s a new record for the scale of large health care breaches, breaking one set just last year

The vast majority of those health data breaches — 532 of the 656 reported as of December 4 — have resulted from hacks and ransomware attacks, continuing a years-long trend. Since 2018, HHS has reported, it has seen a 264% increase in large ransomware breaches, and seven health systems have been fined up to $950,000 for failing to protect patients’ protected health information from ransomware attacks. 

But existing enforcement hasn’t been enough to stem the tide. “We’re going to see these numbers continue to go up as we have more and more health I.T. vendors, more and more startups in the space that have access to data,” said Andrew Mahler, vice president of privacy and compliance at health care risk auditor Clearwater and former OCR investigator. HHS’ Office of Inspector General recently issued a report finding that OCR hasn’t conducted audits of compliance with the HIPAA security rule since 2017.

Continue to STAT+ to read the full story…

Market News and Data brought to you by Benzinga APIs
Comments
Loading...
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!