HIPAA Breach Report for December 2023

The HIPAA breach report for December 2023 analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health and Human Services (HHS) in November 2023.

This report covers:

• HIPAA breaches ranked by people affected
• HIPAA breaches ranked by occurrence
• Year-over-year comparison
• Takeaways
• Full data

HIPAA breaches ranked by people affected

Most common breaches by type

• Network server breaches affected the most people in November 2023. 22,108,577 individuals had their data breached.
• Other breaches were the second most common breach, with 115,930 people affected.
• Email breaches affected 28,550 people, the third most common breach type.

HIPAA breaches ranked by occurrence

Most common breach types

• Network server was the most common attack vector in November 2023. There were 49 network server breaches.
• Email breaches were the second most common attack vector. There were 10 email breaches.
• Paper/films and other breaches were the third most common attack vectors, each garnering 3 attacks each during the month.

Year-over-year comparison

These charts compare the HIPAA data breach statistics from previous Paubox HIPAA Breach Reports (December 2019, December 2020, December 2021, December 2022) with this month’s report.

HIPAA breaches ranked by people affected

What we observe

• Network server, email, and electronic medical record breaches affected the most people overall across this comparison.
• Email breaches remain a serious threat, but have been declining over the last five Novembers.
  
• The number of people affected by network server breaches is the highest it has been in the last 5 November, driven by an attack on Perry Johnson & Associates and Welltok affecting 17,445,591 individuals combined.

HIPAA breaches ranked by occurrence

What we observe

• Network server, email, and paper/films breach types were the most common attack vectors in this comparison.
  
• November Network server breaches are up from the previous years, and almost twice that of November 2021.
  
• The number of breaches has increased in November 2023 compared to previous Novembers.

Takeaways

Network Server breaches affected the most people in November 2023. Perry Johnson & Associates. had the most significant breach that affected 8,952,212 people. Welltok, Inc. had the second-largest breach, which affected 8,493,379 people.

The yearly comparison shows that network server breaches were the most popular attack vectors for bad actors over the last 4 November months, with email being the second most common.

Overall, over 32 million individuals had their data accessed via 235 breaches during the last 5 Novembers.

Full data

Click here to view the HHS’ raw data via Google Sheets.

About the Paubox HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes recent PHI breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in November 2023.

SEE ALSO: HIPAA Compliant Email: The Definitive Guide

Robust inbound email security is a necessity for businesses today. Keeping your email security strategy updated helps ensure the protection of your network.