In an article titled Healthcare Data Breach Statistics, HIPAA Journal revealed that 2024 saw the single largest healthcare data breach on record, affecting 190 million individual records. This followed a record-breaking 2023, which saw 725 breaches containing over 133 million records exposed. Healthcare businesses now face serious risks as data breaches not only put patient records at risk, but also open the door to potential HIPAA violations.
IT incidents such as hacking and ransomware attacks are driving the surge. Between 2018 and 2023, hacking-related breaches rose by 239%, while ransomware incidents increased by 278%.
Despite the growing threat, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has over 850 cases still under investigation. This figure has only lessened slightly from 2023 to 2024, which HIPAA Journal attributes to a chronic lack of funding.
From 2009 to 2015, most breaches were motivated by information theft, according to HIPAA Journal. The adoption of digital recordkeeping and encryption may have reduced some incidents. Improper data disposal and unauthorized access or disclosure can also cause breaches.
Between 2015 and 2022, 32% of all reported breaches occurred in the healthcare industry, highlighting the high value of personal health records on illicit markets.
HIPAA violations may carry steep penalties, with four tiers, each with respective fines that can reach into the millions. For healthcare businesses, data breaches and HIPAA violations are a call to action to invest in cybersecurity infrastructure, ensure compliance, and protect patient data.