The 2024 Breach Barometer® by Protenus has unveiled shocking statistics, indicating a significant breach of 171 million patient records in 2023. Notably, this represents an alarming 187% surge compared to the preceding year, shedding light on the escalating magnitude of data breaches in the healthcare sector. The report raises critical concerns regarding the accuracy of reported breach numbers, acknowledging the inherent challenges in quantifying breached records due to discrepancies in reporting, undisclosed breach details, and complexities in determining the actual scope of the incidents. Furthermore, the report delves into HHS OCR’s response to breaches, emphasizing the preference for educational approaches over punitive actions. This approach provides room for pondering the anticipated outcomes for 2023, given the non-disclosures and purported failures to comply with the HIPAA Security Rule by numerous entities.
Protenus’s 2024 Breach Barometer® draws attention to the complexities faced by healthcare entities in accurately reporting breach incidents, with over 50 cases utilizing substitute markers for the number of affected records. Additionally, the lack of stringent requirements for states to mandate comprehensive breach reports further contributes to the challenge of obtaining a complete picture of the breach landscape. Notably, the report highlights the ineffectiveness of distinguishing between ransomware attacks and non-encryption hacking incidents due to non-disclosures and lack of transparency in incident reporting. This year’s report also scrutinizes HHS’s response to breaches and the organization’s 2022 annual report, raising pertinent questions about compliance, prevention, and the need for more effective strategies to safeguard patient data and ensure regulatory adherence.
