
Healthcare data breaches on the decline in March

There were 58 healthcare data breaches in March, the lowest total for the month since 2022.
By Jeff Lagasse, Editor

Healthcare data breaches appear to be on the decline for now.

The HIPAA Journal reported just 58 breaches in March – the lowest total for the month of March since 2022, and a 46% reduction from the 98 breaches reported in March 2023.

Relatedly, the number of individuals affected by healthcare data breaches is also on the decline, falling for the third straight month to just over 1.7 million people, a 23% reduction from February and a 43.8% reduction since January.

The number of affected individuals in March was 76.2% lower than the monthly average last year. Excluding the Change Healthcare breach – which was an outlier in terms of its size and impact – an average of almost 7.4 million people were affected by healthcare data breaches each month.

More people were affected each month in 2024 than were affected in January, February and March of this year combined, the data showed.

WHAT'S THE IMPACT

Pulling data from the Department of Health and Human Services' Office for Civil Rights, HIPAA Journal reported that there were 18 healthcare data breaches in March that affected at least 10,000 people. Six of the breaches affected 100,000 or more individuals.

All were reported as hacking/IT incidents. Because of the trend of limiting the information provided to breach victims in notices, HIPAA Journal said it's difficult to identify ransomware trends, as ransomware is rarely mentioned in breach notification letters.

There were 42 reported hacking incidents in the month, or about 79% of total reported breaches. Across those 42 incidents, more than 1.7 million people saw their information exposed, stolen or disclosed, which is 95.2% of the month's total.

Nine incidents (16.98%) were linked to unauthorized access or disclosure, and there were two theft incidents (3.77%). Network servers were the most common location of breached protected health information.

Michigan and Minnesota had the most data breaches of any state, at four apiece, but Tennessee saw the highest number of individuals affected, at 667,756. Kansas had a single breach that affected more than 220,000 people.

THE LARGER TREND

A KnowBe4 report published in June showed that a surge in cyberattacks contributed to a steep rise in cyberattack costs for healthcare organizations, with the average breach cost nearing $11 million – more than three times the global average – making healthcare the costliest sector for cyberattacks.

Ransomware attacks have dominated, accounting for over 70% of successful cyberattacks on healthcare organizations in the past two years.

Last week, Yale New Haven reported that a March data breach affected more than 5 million people. The health system said 5,556,702 people were impacted by the cyberattack. 

Jeff Lagasse is editor of Healthcare Finance News.
Email: jlagasse@himss.org
Healthcare Finance News is a HIMSS Media publication.