By Art Gross, President and CEO, HIPAA Secure Now!
Read other articles by this author
The Office of Civil Rights (OCR) within the U.S. Department of Health and Human Services is responsible for enforcing compliance with the Health Insurance Portability and Accountability Act (HIPAA). As part of its mandate, the OCR annually releases a report on data breaches in the healthcare industry. The most recent report, which covers the year 2021, was recently released.
According to the data, there were a total of 798 reported data breaches in the healthcare industry in 2021. These breaches affected a total of 52.8 million individuals, which is a significant increase from the 38 million individuals affected in 2020. The most common type of breach was hacking or IT incidents, which accounted for 56% of all breaches. Unauthorized access or disclosure of protected health information (PHI) was the second most common type of breach, accounting for 24% of incidents.
Businesses of All Sizes Affected
One notable finding from the report is that smaller healthcare providers were disproportionately affected by data breaches. While larger providers (those with more than 500 employees) accounted for the majority of reported breaches, the rate of breaches per capita was much higher among smaller providers. This suggests that smaller providers may be more vulnerable to cyber-attacks. This also seems to indicate that there may need additional support to improve their cybersecurity posture.
The report also notes that ransomware attacks continue to be a significant threat to the healthcare industry. In these types of attacks, hackers encrypt a provider’s data and demand payment in exchange for the data they are holding for ransom. These attacks can be particularly damaging to healthcare providers. Why? They may find they are unable to access critical patient data during the attack. The situation could be a matter of life and death.
HIPAA and Cybersecurity Work in Tandem
The OCR report emphasizes the importance of HIPAA compliance in preventing data breaches. Providers who are HIPAA compliant are more likely to have robust security measures in place to protect PHI from cyber threats. Also important is the need for providers to implement effective incident response plans in the event of a data breach. An effective incident response plan can help minimize the damage caused by a breach and can help providers to recover more quickly. Knowing that the risk exists isn’t enough – you need to be ready to act should your business face a breach.
This report serves as an important reminder of the ongoing threat of cyber attacks. Additionally, it should be a reminder and emphasize the need for healthcare providers to take cybersecurity seriously. By implementing effective security measures and incident response plans, providers can help protect their patients’ sensitive data and maintain their trust.
This article was originally published on HIPAA Secure Now! and is republished here with permission.