As many as 172 million people, or more than half the U.S. population, may have been affected by significant health data breaches reported to the Department of Health and Human Services in 2024, analysis finds STAT from HHS office records. Civil rights. This is a new record for the magnitude of major health care violations, breaking a settled last year.
The vast majority of these health data breaches – 532 of the 656 reported as of December 4 – are the result of hacks and ransomware attacks, continuing a years-old trend. Since 2018, HHS has reported a 264% increase in major ransomware breaches, and seven health systems have been fined up to $950,000 for failing to protect patients’ protected health information from attacks. ransomware attacks.
But existing enforcement measures have not been enough to stem the tide. “We’re going to see these numbers continue to increase as we have more and more health IT vendors and more and more startups in the space that have access to the data,” said Andrew Mahler, vice-president President of Privacy and Compliance at Health Care. Clearwater risk auditor and former OCR investigator. The HHS Office of Inspector General recently released a report revealing that OCR failed to conduct HIPAA Security Rule compliance audits. since 2017.
This article is reserved for STAT+ subscribers
Unlock this article – and get additional analysis of the technologies disrupting healthcare – by subscribing to STAT+.
Already have an account? Log in