(shared from Medcurity) Looking back at past HIPAA breach trends can give us a more accurate view of where HIPAA is going in the future. Is HIPAA compliance going to be more or less important as we go into 2022? The data shows that preventing a HIPAA breach may be a more crucial focus area this year than ever before.
The average cost of a HIPAA breach in 2021 was $9.23 million, up from the $7.13 million average in 2020, which was up 10% from the year before. The number of major breaches also increased over the year, with 713 major breaches posted so far for 2021, compared to 663 in 2020. 45.7 million individuals were affected by these breaches in 2021, the highest number since the record-breaking Anthem hacking incident in 2015.
Too many organizations went into 2021 with the belief that one of these huge data breaches “could never happen to them.” That’s why we want to share these alarming statistics: to raise awareness of the fact that the number of incidents is increasing and the financial and reputational costs of a breach have never been higher.
Medical device security risks proved to be a major threat to healthcare security in 2021, but cyberattacks were the number one cause of compromised health information. Many of these cyberattacks used ransomware, now viewed by the DOJ and most security professionals as a threat equal to terrorism. Despite this, we’ve seen communication between healthcare provider executives and cybersecurity experts increase, pointing towards greater provider focus on preventing these threats.
In a landscape that is still affected by ongoing COVID-19 changes, healthcare providers will face many of the same risks in 2022. Once again, cybersecurity is going to have to be a focus area for all organizations, regardless of size.
It’s important for you as a healthcare provider to be aware of the increasing danger of data breaches. Because of trends like the ones above, complying with HIPAA is now about much more than meeting requirements. Activities such as conducting security risk analyses and risk management/business continuity planning are huge steps toward protecting your organization from the time, reputation, and financial costs of a breach.
In the area of compliance, we may be seeing some big changes soon. A proposed change to the HIPAA Privacy Rule may give patients the ability to request that their health records be sent electronically from their provider to any other third party. If passed, this change may increase the security risk to data being moved while expanding the potential of clinical health studies. The proposed change may also remove the requirement for providers to receive written acknowledgement from patients upon receipt of their Notice of Privacy Practices.
Your patients are relying on you to keep their protected health information safe this year. We want to ensure you are fully equipped to protect sensitive data in 2022, while providing the best patient care. Let us know if you have any questions about how the Medcurity platform can help you bring clarity to HIPAA compliance.