Amid the global COVID-19 pandemic, the federal tally shows that a record number of major health data breaches were reported in the U.S. in 2021. The overwhelming majority of them involved hacking/IT incidents.
As of January 17, the Department of Health and Human Services’ HIPAA Breach Reporting Tool website shows 713 major health data breaches affecting more than 45.7 million individuals posted for 2021.
4 Common Date Breaches
- Hacking/IT incidents were the most dominant type of health data breach. Hacking/IT incidents were involved in 73% of all 2021 breaches posted to the HHS website so far, but those incidents were responsible for about 94% of individuals affected.
- Some 147 “unauthorized access/disclosure” breaches affected more than 2.2 million individuals in 2021. That’s about 20% of total breaches and about 4.8% of those individuals involved in 2021.
- Only 16 loss/theft breaches involving unencrypted computing devices – such as laptops and mobile storage gear – were posted to the HHS website in 2021. Those incidents, which were the primary source of significant health data breaches in years past, affected fewer than 100,000 individuals in 2021.
- Business associates were reported as being involved in 251 breaches affecting 21.3 million individuals in 2021. That means vendors and other business associates handling protected health information were involved in about 35% of major HIPAA breaches in 2021. Those business associate incidents affected about 46% of all individuals affected by major health data breaches last year.
Driving Forces Behind Cyberattacks
“Breaches will increase as businesses continue to automate more. Data is the new currency in the cyber world,” says Tom Walsh, founder of privacy and security consultancy tw-Security.
But that is not just a healthcare sector problem, some experts note. “I assume the number of breaches across industries has risen. [This] goes along with the worldwide nature of cyber business and security and crime. And the pandemic exacerbates it all,” says Kate Borten, president of privacy and security consultancy The Marblehead Group.
Hacking incidents, in particular, will continue to plague the healthcare sector, Walsh says. “Hackers have stepped up their efforts. With new tools available, it’s even easier for someone with basic experience to launch a more sophisticated attack,” he says.
Walsh says hackers had to be technically skilled in operating systems and software to launch an attack successfully. But now, software-as-a-service tools and tools using artificial intelligence are making it easier for novice hackers.