Lessons from 2024 Healthcare Data Breaches

January 24, 2025 – Published on The HIPAA Journal

For the fourth consecutive year, more than 700 data breaches of 500 or more healthcare records were reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR).

While there appears to have been a slight year-over-year reduction in large data breaches, the current total is certain to increase. On January 18, 2023, 725 large data breaches had been reported to OCR, but the total now stands at 747. On January 20, 2024, 721 data breaches had been added to the OCR breach portal. By the time OCR adds in all of last year’s reported data breaches, the final figure for 2024 is likely to be very similar to the record-breaking data breach figures for 2023.

The Annual Report from GuidePoint Security on the ransomware and cyber threat landscape highlighted the extent of the problem. The law enforcement operations have been successful and have dealt significant blows to certain groups, but their impact on the overall threat landscape has been limited. Ransomware-as-a-service groups continue to proliferate and there were record numbers of victims in Q4, 2024 (1,600+), although year-over-year growth in victims fell to 8.72% from 76.8% growth from 2022 to 2023. While actions against large groups such as ALPHV and LockBit have hampered their ability to operate, the RaaS business model means that affiliates are free to leave a disrupted operation and join another group and the last year has seen a 40% year-over-year increase in active threat groups.

Read More HERE.