Protecting patient data is at the heart of the healthcare industry. Yet, data breaches remain a persistent threat, compromising patient privacy and disrupting healthcare operations.

These breaches can lead to identity theft, financial loss, and significant emotional distress for affected individuals. Moreover, data breaches disrupt healthcare operations, causing system downtimes, delaying treatments, and straining resources as organizations work to contain the breach and mitigate its effects. The ripple effects of a data breach extend beyond immediate damage, potentially resulting in long-term reputational harm, legal repercussions, and substantial financial costs for healthcare institutions. Consequently, maintaining the integrity and security of patient data is not just a regulatory requirement but a fundamental ethical responsibility that underpins the entire healthcare system.

In this blog, we review the healthcare data breaches of 2023, as reported by the Department of Health and Human Services (HHS), examining their causes, sources of attack, and the number of health records affected.

‍

The Rising Number of Healthcare Data Breaches

The number of healthcare data breaches is increasing every year. In 2016, there were 329 reported breaches in the healthcare sector, but by 2023, this number had soared to 739 – nearly two breaches every single day.

Before 2019, healthcare data breaches remained under 500 annually. Since 2020, this number has consistently exceeded 660 each year. As of February 2024, nearly 100 healthcare data breaches have already been reported. (Alder, 2024)

‍

The Main Causes of Healthcare Data Breaches

Of the 739 data breaches reported in 2023, a staggering 80% were attributed to hacking or IT incidents. Hacking and IT incidents have been the predominant cause of breaches, with ransomware attacks driving the numbers higher each year. (Alder, 2024)

‍

Common Sources of Healthcare Data Breaches

In 2023, breaches involving network servers accounted for over two-thirds (68.2%) of all healthcare data breaches, a significant increase from 56.6% in 2022. Conversely, email-based attacks decreased from 22.9% in 2022 to 18.1% in 2023.(Alder, 2024)

‍

Impact on Healthcare Records

The 739 data breaches in 2023 affected more than 136 million individual records—more than double the number of records breached in 2022. This marks the first time since 2015 that over 110 million records were compromised in a single year.(Alder, 2024)

‍

Average Number of Records Breached

From 2018 to 2022, healthcare data breaches affected an average of about 72,300 records. However, in 2023, this average skyrocketed to about 184,000 records per breach. Notably, eight breaches in 2023 each impacted more than 4 million records, with the largest affecting over 11 million records.(Alder, 2024)

‍

Targeted Organizations

HHS tracks breaches across four types of organizations: healthcare providers, health plans, business associates, and healthcare clearinghouses. Healthcare providers consistently report the highest number of breaches, likely due to the vast number of hospitals and outpatient facilities compared to fewer than 1,000 health insurance carriers.

‍

In 2023, healthcare providers accounted for 62.2% of data breaches. Business associates experienced 23.4% of breaches, while 13.9% occurred at health plans. (Alder, 2024)

‍

---

‍

Understanding these trends helps us stay vigilant and proactive in protecting patient data. By learning from these breaches, we can strengthen our defenses and ensure a more secure future for healthcare information.

‍

Don’t Become Another Statistic. 

Take our easy 5 minute risk assessment to gauge your systems vulnerabilities and talk with us about how we have helped others in the healthcare space avoid contributing to these alarming numbers.

‍

‍

References

Alder, S. (2024, June 20). Healthcare Data Breach Statistics. The HIPAA Journal. Retrieved July 18, 2024, from https://www.hipaajournal.com/healthcare-data-breach-statistics/

‍