The HIPAA Journal, a well-known website that provides broad coverage of HIPAA compliance and news, recently released its December 2021 Healthcare Data Breach Report.  The Data Breach Report analyzes data breach statistics provided by HHS’ Office for Civil Rights (OCR) and provides the information in a clear form.  

The Data Breach Report provides interesting statistics related to December 2021 and the overall 2021 year.  There was a decrease of 17.6% in data breaches reported to OCR in December 2021 than in November 2021.  Specifically, there were 56 data breaches of 500 or more healthcare records reported to OCR in December 2021, which was just below the 59 data breach monthly average in 2021, according to the HIPAA Journal.  While December reflected a decrease from the prior month, there were 70 more data breaches in 2021 than in 2020.  

Understandably, the rise and fall of data breaches does not always correlate with the number of records exposed.  Such was the scenario in December 2021.  Although the number of data breaches in December 2021 decreased by over 17%, the HIPAA Journal reports that the number of records exposed or impermissibly disclosed increased by approximately 24.5%.  December 2021 data breaches left 2.95 million records exposed or impermissibly disclosed.  Two ransomware attacks accounted for the exposure of approximately 1.28 million records and there were 18 data breaches in December with 10,000 or more records exposed.  As of the date that the Data Breach Report was published, the HIPAA Journal reports that OCR data indicated that 45.7 million healthcare records were exposed in 2021, reportedly the second-highest number of exposed records in the last 12 years.

While data security may appear to be a monumental task, simple and consistent safeguards may produce substantive results.  According to the HIPAA Journal, eight of the largest breaches in December involved compromised email accounts, including phishing campaigns.  Companies should try to remain in compliance with various state and federal laws regarding privacy and IT security and take steps to improve their IT security.

The Data Breach Report can be viewed here and OCR statistics can be viewed here.

The attorneys at Chilivis Grubman represent clients of all sizes in connection with data breaches and cybersecurity matters, including regulatory obligations and litigation arising therefrom.  If you need assistance with such a matter, please contact us today.