The frequency of cyberattacks targeting companies handling health data is steadily increasing, resulting in a surge of costly litigation, according to a comprehensive Bloomberg Law analysis. This year, the monthly average of new class actions filed for health data breaches is nearly double that of 2022, with many lawsuits seeking multi-million-dollar civil damages.
Amid a gradual rise in health cyber incidents, the health industry remains a prime target for cybercriminals aiming to exploit valuable personal data for fraudulent purposes.
Furthermore, the litigation spike is driven by factors like proliferating ransomware attacks, public notification rules, and heightened consumer awareness about privacy issues. The Health Insurance Portability and Accountability Act (HIPAA) regulations mandating breach notifications have made security incidents more public in the health industry, leading to increased litigation rates.
Additionally, large hospital systems and healthcare entities are attractive targets for cybercriminals due to their financial resources and willingness to pay to resolve ransomware attacks.
The litigation landscape is expected to continue evolving, with potential factors such as the Federal Trade Commission’s proposal to require non-HIPAA entities to report health-related breaches. Despite a lack of concrete legal precedents, the health industry remains a frequent target of cyberattacks, spurring the need for increased vigilance and preparedness among healthcare organizations to protect sensitive patient data.