US Patient Information Records Breaches Doubled In 2023


The surge in exposed records as well as large breaches in 2023 suggest that once bad actors go on to gain access to healthcare organizations’ networks, they happen to be taking even larger sets of patient data, as per the Fortified report.

Breaches due to hacking as well as IT incidents, which go on to include malware, ransomware, as well as phishing attacks, have gone up in the past decade, making up almost 80% of reported breaches in 2023. Meanwhile, physical thefts of records have reduced as organizations transition towards electronic health record systems.

It is well to be noted that the number of business associates, outside people, or even organizations that go on to perform work for entities covered under HIPAA, such as health plans or providers, is growingly involved when it comes to data breaches, too. Business associate breaches grew by 22% year over year in 2023, as per the report.

Notably, the spectrum of cybersecurity has gone on to become a major challenge for healthcare organizations as the sector digitizes and hackers aim to exploit the wealth of priceless personal data.

In the past decade, above 5,100 healthcare breaches have gone on to compromise the data from almost 489 million patient records all through the US, the report states. Those breaches can go on to have significant consequences for providers as well as patients. The average cost of a healthcare breach went on to touch almost $11 million in 2023, thereby growing over 50% since 2020, as per the recent report from the Ponemon Institute and IBM Security. 

Ransomware attacks, in which the hackers demand payment so as to return access to critical systems as well as data, can go on to disrupt hospital operations for weeks, thereby endangering the lives of the patients.

It is worth noting that Ardent Health Services was, in fact, forced to divert emergency care to facilities nearby across multiple states and also put elective procedures on hold due to an attack on the occasion of Thanksgiving. The hospital operator went on to announce that in January 2024, it was able to completely restore access to its MyChart patient portal.

As data and security breaches become more evident and kind of common, regulators have gone on to show an increased interest when it comes to pushing healthcare organizations in order to boost their cybersecurity steps.

The HHS went ahead and released a working paper late in 2023, which included proposing hospital cybersecurity benchmarks by way of Medicare and Medicaid. The Biden administration can very well go on to soon unbox new needs for hospitals, as per the Messenger.