Am J Emerg Med. 2023 Apr 5:S0735-6757(23)00187-0. doi: 10.1016/j.ajem.2023.04.001. Online ahead of print.
INTRODUCTION: Cyberattacks are one of the most widespread, damaging, and disruptive forms of action against healthcare entities. Data breaches, ransomware attacks, and other intrusions can lead to significant cost both in monetary and personal harm to those affected and may result in large payouts to cyber criminals, crashes of information technology systems, leaks of protected health and personal information, as well as fines and lawsuits. This study is a descriptive analysis of healthcare-related cyber breaches affecting 500 or more individuals in the past decade in the United States.
METHODS: The publicly available U.S. breach report database was downloaded in the Microsoft Excel (Microsoft, Redmond, Washington, USA) format and searched for all reported breaches occurring between January 1, 2011 - December 31, 2021 (10 years). Breaches were subdivided by category and analyzed by states, breach submission dates, types of breach, location of breached information, entity type, and individuals affected. All subcategories were predefined by the breach report.
RESULTS: There were a total of 3822 PHI breaches that affected 283,335,803 people in the United States from January 1, 2011 to December 31, 2021. Of the 3822 PHI breaches, 1593 (41.7%) were hacking/ IT related, 1055 (27.6%) were listed as unknown, 819 (21.4%) were theft related, 194 (5.1%) were loss related, 97 (2.5%) were related to improper disposal and 64 (1.7%) were listed as "others". Year 2020 saw the most breaches with 631 and California was the state with the highest number of breaches at 403.
CONCLUSION: Cyberattacks and healthcare breaches are one of the most costly and disruptive situations facing healthcare today. A total of 3822 breaches affecting 283,335,803 people in the United States were recorded from January 1, 2011 to December 31, 2021. By understanding the extent of cyberthreats this will better prepare healthcare organizations and providers to mitigate, respond, and recover from these devastating attacks.