HIPAA Breach Report for January 2024

The HIPAA breach report for January 2024 analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health and Human Services (HHS) in December 2023.

This report covers:

• HIPAA breaches ranked by people affected
• HIPAA breaches ranked by occurrence
• Year-over-year comparison
• Takeaways
• Full data

HIPAA breaches ranked by people affected

Most common breaches by type

• Network server breaches affected the most people in December 2023. 11,151,487 individuals had their data breached.
• Electronic medical record breaches were the second most common breach, with 911,757 people affected.
• Email breaches affected 137,008 people, the third most common breach type.

HIPAA breaches ranked by occurrence

Most common breach types

• Network server was the most common attack vector in December 2023. There were 51 network server breaches.
• Email breaches were the second most common attack vector. There were 14 email breaches.
• Paper/films breaches were the third most common attack vectors, each garnering 4 attacks during the month.

Year-over-year comparison

These charts compare the HIPAA data breach statistics from previous Paubox HIPAA Breach Reports (January 2020, January 2021, January 2022, January 2023) with this month’s report.

HIPAA breaches ranked by people affected

What we observe

• Network server, email, and electronic medical record breaches affected the most people overall across this comparison.
• Email breaches remain a serious threat, and are up 41% over January 2023's breach report.
  
• The number of people affected by network server breaches is the highest it has been in the last five Januaries, driven by an attack on HealthEC LLC and ESO Solutions, Inc. affecting 7,152,782 individuals combined.

HIPAA breaches ranked by occurrence

What we observe

• Network server, email, and paper/films breach types were the most common attack vectors in this comparison.
  
• 51 Network server breaches were reported, which is up drastically from the previous years and more than twice that of December 2023.
• The total number of breaches has increased in this month's report compared to all previous January breach reports on record.

Takeaways

Network Server breaches affected the most people in December 2023. HealthEC LLC had the most significant breach that affected 4,452,782 people. ESO Solutions, Inc. had the second-largest breach, which affected 2,700,000 people.

The yearly comparison shows that network server breaches were the most popular attack vectors for bad actors over the last five December months, with email being the second most common.

Overall, over 21 million individuals had their data accessed via 235 breaches during the last five Decembers.

Full data

Click here to view the HHS’ raw data via Google Sheets.

About the Paubox HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes recent PHI breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in December 2023.

SEE ALSO: HIPAA Compliant Email: The Definitive Guide

Robust inbound email security is a necessity for businesses today. Keeping your email security strategy updated helps ensure the protection of your network.