The annual number of ransomware attacks more than doubled in that period from 43 to 91, for a total of 374 incidents that exposed the personal health information (PHI) of nearly 42 million patients, according to the research paper published by the American Medical Association’s JAMA Health Network.
RiskLens is the leader in cyber risk quantification.
The researchers pulled data from the incidents reported to the U.S. federal HHS Office of Civil Rights (OCR) breach database, as required for HIPAA-covered organizations, and turned up 84 attacks that were not reported. They also discovered that 54% of the attacks were reported to OCR later than the mandated 60-day reporting period.
More details on ransomware’s toll on healthcare:
>>44% of the events disrupted patient care, 8.6% for more than two weeks. Hospitals were most likely to experience a disruption.
>>PHI records exposure increased more than 11-fold, from approximately 1.3 million in 2016 to more than 16.5 million in 2021.
>>During the five-year study period,…