2024 US Healthcare breaches: 585 incidents, 180 million compromised records 

SecurityWeek conducted an analysis of the US Department of Health and Human Services Office for Civil Rights (HHS OCR) healthcare breach database, which stores information on incidents with over 500 victims.

The OCR was informed of about 585 incidents between January 1, 2024, and December 31, 2024, impacting roughly 180 million records of protected health information.

Broken down by type of entity impacted, the data breaches were:

  • 73% – Healthcare providers
  • 17% – Healthcare business associates
  • 10% – Health plans 

Most incidents (86%) were described as ‘hacking/IT incident’, followed by incidents involving unauthorized access or disclosures. Almost 70% involved network servers and roughly 22% involved email. 

The biggest healthcare data breach of 2024 was of course the ransomware attack on Change Healthcare, resulting in the information of roughly 100 million individuals getting stolen.

Other notable incidents include:

  • Kaiser Permanente – 13.4 million
  • Ascension Health – 5.5 million
  • HealthEquity – 4.3 million
  • Concentra Health Services – 3.9 million
  • Centers for Medicare & Medicaid Services – 3.1 million
  • Acadian Ambulance Service – 2.8 million
  • A&A Services, dba Sav-Rx – 2.8 million
  • WebTPA – 2.5 million
  • Integris Health – 2.3 million
  • Medical Management Resource Group – 2.3 million
  • Summit Pathology – 1.8 million
  • Geisinger – 1.2 million

Emily Phelps, Director, Cyware:

“The number of healthcare data incidents reported in 2024 underscores the opportunity to strengthen security practices across the sector. In 2025, adopting approaches like real-time intelligence sharing and operationalizing threat intelligence can help healthcare entities work more effectively. By fostering collaboration and integrating automation and orchestration, healthcare organizations can streamline their defenses, improving their ability to identify and respond to threats quickly. A collective defense model enables organizations to share insights and best practices, building a more resilient and connected ecosystem that better protects sensitive patient information and ensures uninterrupted care.”

This is a reminder that the health care sector is a target-rich environment for threat actors. This needs to change, and ASAP. Otherwise, I will have a similar story next year for you to read.
