Research Explores US Health Care Ransomware & Data Breaches

New research has shown that between 2010 and 2024, Health Care Protected Health Information (PHI) data breaches surged, driven largely by hacking/IT incidents, particularly ransomware attacks. Researchers from Michigan State University, Yale, and Johns Hopkins have released new research exploring ransomware attacks across all Health Insurance Portability & Accountability Act (HIPAA)-covered entities from 2010 to 2024, examining the prevalence of these attacks and their contribution to PHI data breaches. Hacking and information technology (IT) incidents became the leading cause of healthcare data breaches in 2017, and between 2016 and 2021 there were 376 ransomware attacks on healthcare delivery organizations. One of the largest ransomware attacks in recent memory, on Change Healthcare, compromised the PHI of 100 million individuals, disrupted care delivery nationwide, and incurred $2.4 billion in response costs.

This study examined data breaches affecting 500 or more patient records reported to the US Department of Health & Human Services (HHS) from 2009-2024. The total number of PHI data breaches increased from 216 in 2010 to 566 in 2024, with hacking or IT incidents increasing from only 4% of all incidents (8 of 216) in 2010 to 81% of all incidents (457 of 566) in 2024. The number of patient records affected by PHI data breaches increased significantly over the same period, from only 6 million patient records in 2010 to more than 170 million patient records in 2024, with hacking or IT incidents accounting for nearly all (91%) of those PHI breaches.

While the dramatic increase in PHI data breaches from ransomware or hacking incidents is troubling, the researchers suggest that these findings likely underestimate the frequency of these incidents, due to underreporting, reluctance to disclose ransom payments, and the study’s exclusion of data breaches affecting fewer than 500 patient records. They note that hospitals, clinics, health plans, and other HIPAA-covered entities are particularly vulnerable to ransomware attacks because of limited cybersecurity resources, and recommend that significant additional research and policy solutions to mitigate these challenges be explored, including:

  • Mandatory ransomware fields in OCR reporting to improve surveillance clarity.
  • Revising severity classifications to account for operational impact.
  • Monitoring cryptocurrency to disrupt ransom payments.