Of the 421 hacking/IT incidents and illicit access/disclosure incidents attributed to healthcare providers across the United States and reported to the U.S. Department of Health and Human Services this year, the top 15 data breaches affected 24,755,791 people.

WHY IT MATTERS

This month's two largest healthcare data breaches are Change Healthcare, with 100 million people affected, and Kaiser Foundation Health Plan, with 13.4 million people affected, according to a list of the 10 largest U.S. health data breaches in 2024. According to a search of the breach portal's files through December 30, healthcare providers' network machines were also a prime target for hacking or illicit access/disclosure, despite these two breaches having far greater impact across all types of HIPAA-covered institutions.

According to the HHS record of cases currently under investigation, the following 15 medical service organizations suffered severe health data breaches this year:

Ascension Health, affecting 5,599,699 patients.
Concentra Health Services, Inc., affecting 3,998,163 patients.
Acadian Ambulance Service, Inc., affecting 2,896,985 patients.
Integris Health, affecting 2,385,646 patients.
Summit Pathology/Summit Pathology Laboratories, Inc., affecting 1,813,538 patients.
Geisinger, affecting 1,276,026 patients.
Eastern Radiologists, Inc., affecting 886,746 patients.
Superior Air-Ground Ambulance Service, Inc., affecting 858,238 patients.
Texas Tech University Health Sciences Center El Paso, affecting 815,000 patients.
OnePoint Patient Care, affecting 795,916 patients.
Ann & Robert H. Lurie Children's Hospital of Chicago, affecting 775,860 patients.
Florida Department of Health, affecting 729,699 patients.
Orthopedics NY, LLP, affecting 656,086 patients.
Texas Tech University Health Sciences Center, affecting 650,000 patients.
Risas Dental & Braces, affecting 618,189 patients.

Note that the federal health data breach portal does not yet include details about an alleged massive breach from a recent cyberattack on PIH Health. Following a December 1 cyber incident, the California-based health system is updating its website frequently, but it did not respond to an alleged ransom letter in circulation, as reported by the Whittier Daily News. In the typewritten letter, the hackers claimed to have stolen about two terabytes of data, including 17 million patient records that contain personal and medical information, photos, patient notes and more, according to the December 14 story. If a forensic investigation finds that the data was indeed exposed, more than 40 million people would be affected by the top 15 data breaches involving healthcare providers in the United States in 2024.

THE LARGER TREND

After a devastating ransomware attack by the ALPHV ransomware gang on February 21, UnitedHealth Group announced in May that it is rebuilding Change Healthcare with cloud-based security. However, the massive payments clearinghouse outage dramatically hampered patient care and caused significant financial strain for healthcare providers, who were unable to avoid treatment delays due to what is the largest healthcare data breach of electronic health information in history.

HHS and the Office for Civil Rights released a Notice of Proposed Rulemaking on Friday to update the Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act of 2009 to address the growing threat of healthcare cyberattacks. Several new proposals would require HIPAA-covered organizations to encrypt ePHI with few exceptions, implement multifactor authentication, and list their technology assets.

In a statement regarding the first HIPAA Security Rule update since 2013, OCR Director Melanie Fontes Rainer stated that "cyberattacks continue to impact the healthcare sector, with widespread escalation in ransomware and hacking causing significant increases in the number of large breaches reported to OCR annually."

Andrea Fox is Healthcare IT News' senior editor.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.