{"id":15150,"date":"2026-04-15T06:01:59","date_gmt":"2026-04-15T10:01:59","guid":{"rendered":"http:\/\/cyber-glossary\/ot-threat-intelligence-duplicate-15146\/"},"modified":"2026-04-15T06:42:58","modified_gmt":"2026-04-15T10:42:58","slug":"healthcare-data-breaches","status":"publish","type":"glossary","link":"https:\/\/www.netwitness.com\/ja\/cyber-glossary\/healthcare-data-breaches\/","title":{"rendered":"Healthcare Data Breaches"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"15150\" class=\"elementor elementor-15150\" data-elementor-post-type=\"glossary\">\n\t\t\t\t<div class=\"elementor-element elementor-element-d7f09d2 e-flex e-con-boxed e-con e-parent\" data-id=\"d7f09d2\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7565758 elementor-widget elementor-widget-heading\" data-id=\"7565758\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What is Healthcare Data Breaches?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-da689aa elementor-widget elementor-widget-text-editor\" data-id=\"da689aa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span data-contrast=\"auto\">A healthcare data breach is any unauthorized access, acquisition, use, disclosure, or destruction of protected health information (PHI) or other sensitive data\u00a0maintained\u00a0by a healthcare organization. In regulatory terms,\u00a0particularly under HIPAA,\u00a0a breach occurs when unsecured PHI is accessed or exposed in a way not\u00a0permitted\u00a0by the Privacy Rule, thereby compromising its security or integrity.<\/span><\/p><p><span data-contrast=\"auto\">Healthcare data breaches encompass a broad spectrum of incidents, from sophisticated cyberattacks on hospital networks to an employee accidentally emailing patient records to the wrong recipient. Regardless of the method, what defines the event as a breach is that protected data leaves its authorized environment or falls into unauthorized hands.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:80,&quot;335559739&quot;:120}\">\u00a0<\/span><\/p><p><span data-contrast=\"auto\">Sensitive data at risk in these breaches includes:<\/span><\/p><ul><li><span data-contrast=\"auto\">Protected Health Information (PHI):\u00a0diagnoses, treatment records, prescription histories.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\">Electronic Health Records (EHRs):\u00a0digitized patient histories and care plans.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\">Personally Identifiable Information (PII):\u00a0names, Social Security numbers, addresses.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\">Financial data:\u00a0insurance claims, billing records, payment card information.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\">Login credentials:\u00a0usernames and passwords for healthcare portals.<\/span><\/li><\/ul><p><span class=\"TextRun SCXW95526012 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW95526012 BCX0\">Healthcare data exposure and data leakage events may not always result in confirmed misuse, but even unauthorized access to PHI\u00a0<\/span><span class=\"NormalTextRun SCXW95526012 BCX0\">constitutes<\/span><span class=\"NormalTextRun SCXW95526012 BCX0\">\u00a0a reportable breach under U.S. law. Healthcare organizations\u00a0<\/span><span class=\"NormalTextRun SCXW95526012 BCX0\">are required to<\/span><span class=\"NormalTextRun SCXW95526012 BCX0\">\u00a0notify affected individuals, the Department of\u00a0<\/span><span class=\"NormalTextRun SCXW95526012 BCX0\">Health<\/span><span class=\"NormalTextRun SCXW95526012 BCX0\"> and Human Services (HHS), and in some cases, the media, when a breach of unsecured PHI occurs.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-c0a0ede e-con-full e-flex e-con e-child\" data-id=\"c0a0ede\" data-element_type=\"container\" data-e-type=\"container\" id=\"synonyms\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-a3b8a4f elementor-widget__width-initial elementor-widget elementor-widget-heading\" data-id=\"a3b8a4f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Synonyms<\/h2>\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-0fdb30d e-con-full e-flex e-con e-child\" data-id=\"0fdb30d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1a15d76 elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"1a15d76\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.9999 23.625H5.24992C4.89642 23.625 4.57705 23.4115 4.44142 23.0851C4.3058 22.7579 4.38104 22.3816 4.63129 22.1314L12.7627 14L4.63129 5.86863C4.38104 5.61838 4.3058 5.24213 4.44142 4.91488C4.57705 4.5885 4.89642 4.375 5.24992 4.375H13.9999C14.2318 4.375 14.4549 4.46687 14.6185 4.63137L23.3685 13.3814C23.7107 13.7226 23.7107 14.2774 23.3685 14.6186L14.6185 23.3686C14.4549 23.5331 14.2318 23.625 13.9999 23.625Z\" fill=\"#BE3A34\"><\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Data Loss<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.9999 23.625H5.24992C4.89642 23.625 4.57705 23.4115 4.44142 23.0851C4.3058 22.7579 4.38104 22.3816 4.63129 22.1314L12.7627 14L4.63129 5.86863C4.38104 5.61838 4.3058 5.24213 4.44142 4.91488C4.57705 4.5885 4.89642 4.375 5.24992 4.375H13.9999C14.2318 4.375 14.4549 4.46687 14.6185 4.63137L23.3685 13.3814C23.7107 13.7226 23.7107 14.2774 23.3685 14.6186L14.6185 23.3686C14.4549 23.5331 14.2318 23.625 13.9999 23.625Z\" fill=\"#BE3A34\"><\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Data Breach<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.9999 23.625H5.24992C4.89642 23.625 4.57705 23.4115 4.44142 23.0851C4.3058 22.7579 4.38104 22.3816 4.63129 22.1314L12.7627 14L4.63129 5.86863C4.38104 5.61838 4.3058 5.24213 4.44142 4.91488C4.57705 4.5885 4.89642 4.375 5.24992 4.375H13.9999C14.2318 4.375 14.4549 4.46687 14.6185 4.63137L23.3685 13.3814C23.7107 13.7226 23.7107 14.2774 23.3685 14.6186L14.6185 23.3686C14.4549 23.5331 14.2318 23.625 13.9999 23.625Z\" fill=\"#BE3A34\"><\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Cyberattack<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.9999 23.625H5.24992C4.89642 23.625 4.57705 23.4115 4.44142 23.0851C4.3058 22.7579 4.38104 22.3816 4.63129 22.1314L12.7627 14L4.63129 5.86863C4.38104 5.61838 4.3058 5.24213 4.44142 4.91488C4.57705 4.5885 4.89642 4.375 5.24992 4.375H13.9999C14.2318 4.375 14.4549 4.46687 14.6185 4.63137L23.3685 13.3814C23.7107 13.7226 23.7107 14.2774 23.3685 14.6186L14.6185 23.3686C14.4549 23.5331 14.2318 23.625 13.9999 23.625Z\" fill=\"#BE3A34\"><\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Data Leakage<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.9999 23.625H5.24992C4.89642 23.625 4.57705 23.4115 4.44142 23.0851C4.3058 22.7579 4.38104 22.3816 4.63129 22.1314L12.7627 14L4.63129 5.86863C4.38104 5.61838 4.3058 5.24213 4.44142 4.91488C4.57705 4.5885 4.89642 4.375 5.24992 4.375H13.9999C14.2318 4.375 14.4549 4.46687 14.6185 4.63137L23.3685 13.3814C23.7107 13.7226 23.7107 14.2774 23.3685 14.6186L14.6185 23.3686C14.4549 23.5331 14.2318 23.625 13.9999 23.625Z\" fill=\"#BE3A34\"><\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">System Breach<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.9999 23.625H5.24992C4.89642 23.625 4.57705 23.4115 4.44142 23.0851C4.3058 22.7579 4.38104 22.3816 4.63129 22.1314L12.7627 14L4.63129 5.86863C4.38104 5.61838 4.3058 5.24213 4.44142 4.91488C4.57705 4.5885 4.89642 4.375 5.24992 4.375H13.9999C14.2318 4.375 14.4549 4.46687 14.6185 4.63137L23.3685 13.3814C23.7107 13.7226 23.7107 14.2774 23.3685 14.6186L14.6185 23.3686C14.4549 23.5331 14.2318 23.625 13.9999 23.625Z\" fill=\"#BE3A34\"><\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Security Breach<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.9999 23.625H5.24992C4.89642 23.625 4.57705 23.4115 4.44142 23.0851C4.3058 22.7579 4.38104 22.3816 4.63129 22.1314L12.7627 14L4.63129 5.86863C4.38104 5.61838 4.3058 5.24213 4.44142 4.91488C4.57705 4.5885 4.89642 4.375 5.24992 4.375H13.9999C14.2318 4.375 14.4549 4.46687 14.6185 4.63137L23.3685 13.3814C23.7107 13.7226 23.7107 14.2774 23.3685 14.6186L14.6185 23.3686C14.4549 23.5331 14.2318 23.625 13.9999 23.625Z\" fill=\"#BE3A34\"><\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Cyber Intrusion<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.9999 23.625H5.24992C4.89642 23.625 4.57705 23.4115 4.44142 23.0851C4.3058 22.7579 4.38104 22.3816 4.63129 22.1314L12.7627 14L4.63129 5.86863C4.38104 5.61838 4.3058 5.24213 4.44142 4.91488C4.57705 4.5885 4.89642 4.375 5.24992 4.375H13.9999C14.2318 4.375 14.4549 4.46687 14.6185 4.63137L23.3685 13.3814C23.7107 13.7226 23.7107 14.2774 23.3685 14.6186L14.6185 23.3686C14.4549 23.5331 14.2318 23.625 13.9999 23.625Z\" fill=\"#BE3A34\"><\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Data Exposure<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.9999 23.625H5.24992C4.89642 23.625 4.57705 23.4115 4.44142 23.0851C4.3058 22.7579 4.38104 22.3816 4.63129 22.1314L12.7627 14L4.63129 5.86863C4.38104 5.61838 4.3058 5.24213 4.44142 4.91488C4.57705 4.5885 4.89642 4.375 5.24992 4.375H13.9999C14.2318 4.375 14.4549 4.46687 14.6185 4.63137L23.3685 13.3814C23.7107 13.7226 23.7107 14.2774 23.3685 14.6186L14.6185 23.3686C14.4549 23.5331 14.2318 23.625 13.9999 23.625Z\" fill=\"#BE3A34\"><\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Integrity Breach<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.9999 23.625H5.24992C4.89642 23.625 4.57705 23.4115 4.44142 23.0851C4.3058 22.7579 4.38104 22.3816 4.63129 22.1314L12.7627 14L4.63129 5.86863C4.38104 5.61838 4.3058 5.24213 4.44142 4.91488C4.57705 4.5885 4.89642 4.375 5.24992 4.375H13.9999C14.2318 4.375 14.4549 4.46687 14.6185 4.63137L23.3685 13.3814C23.7107 13.7226 23.7107 14.2774 23.3685 14.6186L14.6185 23.3686C14.4549 23.5331 14.2318 23.625 13.9999 23.625Z\" fill=\"#BE3A34\"><\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Phishing Incident<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.9999 23.625H5.24992C4.89642 23.625 4.57705 23.4115 4.44142 23.0851C4.3058 22.7579 4.38104 22.3816 4.63129 22.1314L12.7627 14L4.63129 5.86863C4.38104 5.61838 4.3058 5.24213 4.44142 4.91488C4.57705 4.5885 4.89642 4.375 5.24992 4.375H13.9999C14.2318 4.375 14.4549 4.46687 14.6185 4.63137L23.3685 13.3814C23.7107 13.7226 23.7107 14.2774 23.3685 14.6186L14.6185 23.3686C14.4549 23.5331 14.2318 23.625 13.9999 23.625Z\" fill=\"#BE3A34\"><\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Insider Snooping<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.9999 23.625H5.24992C4.89642 23.625 4.57705 23.4115 4.44142 23.0851C4.3058 22.7579 4.38104 22.3816 4.63129 22.1314L12.7627 14L4.63129 5.86863C4.38104 5.61838 4.3058 5.24213 4.44142 4.91488C4.57705 4.5885 4.89642 4.375 5.24992 4.375H13.9999C14.2318 4.375 14.4549 4.46687 14.6185 4.63137L23.3685 13.3814C23.7107 13.7226 23.7107 14.2774 23.3685 14.6186L14.6185 23.3686C14.4549 23.5331 14.2318 23.625 13.9999 23.625Z\" fill=\"#BE3A34\"><\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Credential Stuffing<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.9999 23.625H5.24992C4.89642 23.625 4.57705 23.4115 4.44142 23.0851C4.3058 22.7579 4.38104 22.3816 4.63129 22.1314L12.7627 14L4.63129 5.86863C4.38104 5.61838 4.3058 5.24213 4.44142 4.91488C4.57705 4.5885 4.89642 4.375 5.24992 4.375H13.9999C14.2318 4.375 14.4549 4.46687 14.6185 4.63137L23.3685 13.3814C23.7107 13.7226 23.7107 14.2774 23.3685 14.6186L14.6185 23.3686C14.4549 23.5331 14.2318 23.625 13.9999 23.625Z\" fill=\"#BE3A34\"><\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Ransomware Attack<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.9999 23.625H5.24992C4.89642 23.625 4.57705 23.4115 4.44142 23.0851C4.3058 22.7579 4.38104 22.3816 4.63129 22.1314L12.7627 14L4.63129 5.86863C4.38104 5.61838 4.3058 5.24213 4.44142 4.91488C4.57705 4.5885 4.89642 4.375 5.24992 4.375H13.9999C14.2318 4.375 14.4549 4.46687 14.6185 4.63137L23.3685 13.3814C23.7107 13.7226 23.7107 14.2774 23.3685 14.6186L14.6185 23.3686C14.4549 23.5331 14.2318 23.625 13.9999 23.625Z\" fill=\"#BE3A34\"><\/path><\/svg>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Confidentiality Breach<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9397ba4 elementor-widget elementor-widget-heading\" data-id=\"9397ba4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Why is Healthcare a Primary Target?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ef941d5 elementor-widget elementor-widget-text-editor\" data-id=\"ef941d5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW254251445 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW254251445 BCX0\">The healthcare sector occupies a uniquely attractive position for cybercriminals. Unlike financial data that can be quickly frozen or credit cards that can be cancelled, medical records\u00a0<\/span><span class=\"NormalTextRun SCXW254251445 BCX0\">contain<\/span><span class=\"NormalTextRun SCXW254251445 BCX0\">\u00a0a rich combination of information that is both permanent and highly valuable<\/span><span class=\"NormalTextRun SCXW254251445 BCX0\">,<\/span><span class=\"NormalTextRun SCXW254251445 BCX0\"> making them worth far more on the dark web than credit card numbers alone.<\/span><\/span><\/p><h3 aria-level=\"3\"><b><span data-contrast=\"auto\">1. High-Value, Multi-Dimensional Data:<\/span><\/b><\/h3><p><span data-contrast=\"auto\">A single electronic health record can\u00a0contain\u00a0a patient&#8217;s full name, date of birth, Social Security number, home address, employer, insurance plan details, and complete medical history. This combination enables a wide range of criminal activities,\u00a0from medical identity theft and fraudulent insurance claims to targeted phishing attacks and financial fraud. This breadth makes healthcare data breaches exceptionally lucrative for attackers.<\/span><\/p><h3 aria-level=\"3\"><b><span data-contrast=\"auto\">2. Long Data Lifecycle:<\/span><\/b><\/h3><p><span data-contrast=\"auto\">Medical data\u00a0remains\u00a0relevant and\u00a0accurate\u00a0for decades. A Social Security number\u00a0doesn&#8217;t\u00a0expire. A patient&#8217;s date of birth never changes. Unlike credit card data,\u00a0which becomes worthless as soon as the card is cancelled,\u00a0stolen PHI\u00a0retains\u00a0its criminal value for years, giving attackers a long window to monetize their access.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:80,&quot;335559739&quot;:120}\">\u00a0<\/span><\/p><h3 aria-level=\"3\"><b><span data-contrast=\"auto\">3. Complex, Interconnected Healthcare Systems:<\/span><\/b><\/h3><p><span data-contrast=\"auto\">Modern healthcare organizations\u00a0operate\u00a0vast, interconnected digital ecosystems. A typical health system might include hospital networks, outpatient clinics, telehealth platforms, third-party billing services, pharmacy benefit managers, and insurance portals, all sharing data. This complexity creates\u00a0numerous\u00a0entry points for a cyberattack and makes comprehensive security difficult to implement uniformly.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:80,&quot;335559739&quot;:120}\">\u00a0<\/span><\/p><h3 aria-level=\"3\"><b><span data-contrast=\"auto\">4. Under-Resourced Security Infrastructure:<\/span><\/b><\/h3><p><span data-contrast=\"auto\">Many healthcare providers, particularly community hospitals and smaller clinics, operate with lean IT budgets. Legacy systems, unpatched software, and insufficient cybersecurity staffing are common across the healthcare industry. Threat actors are well aware of these vulnerabilities and specifically target organizations they believe are less defended.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-26738ec elementor-widget elementor-widget-heading\" data-id=\"26738ec\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Common Causes of Healthcare Data Breaches<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-59d0148 elementor-widget elementor-widget-text-editor\" data-id=\"59d0148\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW225596576 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW225596576 BCX0\">Understanding the root causes of healthcare data breaches is essential for building effective defenses. The causes span the technical, human, and organizational dimensions of healthcare security.<\/span><\/span><\/p><h3 aria-level=\"3\"><b><span data-contrast=\"auto\">1. Cyberattacks:<\/span><\/b><\/h3><p><span data-contrast=\"auto\">Malicious external attacks are the most visible and increasingly the most prevalent cause of data security breaches in healthcare.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:80,&quot;335559739&quot;:120}\">\u00a0<\/span><\/p><ul><li><span data-contrast=\"auto\"><strong>Ransomware:<\/strong> Ransomware\u00a0attacks encrypt an organization&#8217;s data and demand payment for the decryption key. Healthcare systems are high-value targets because operational disruption,\u00a0such as losing access to patient records,\u00a0can be life-threatening, creating pressure to pay quickly.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Phishing:<\/strong> <a href=\"https:\/\/www.netwitness.com\/blog\/advanced-phishing-attack-techniques\/\" target=\"_blank\" rel=\"noopener\">Phishing emails<\/a> trick employees into revealing credentials or downloading malware. Spear-phishing campaigns targeting healthcare staff with healthcare-themed lures (e.g., fake EHR system notifications) are particularly effective.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Malware and Spyware:<\/strong> Malicious software infiltrates healthcare networks to steal data,\u00a0monitor\u00a0activity, or create backdoors for ongoing cyber intrusion.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Distributed Denial-of-Service (DDoS) Attacks:<\/strong> While not always aimed at data theft, DDoS attacks disrupt operations and are sometimes used as a diversion for simultaneous data exfiltration.<\/span><\/li><\/ul><h3 aria-level=\"3\"><b><span data-contrast=\"auto\">2. Human Error:<\/span><\/b><\/h3><p><span data-contrast=\"auto\">Human error\u00a0remains\u00a0one of the most common\u00a0and most preventable\u00a0causes of data breaches in healthcare.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:80,&quot;335559739&quot;:120}\">\u00a0<\/span><\/p><ul><li><span data-contrast=\"auto\"><strong>Misdirected emails or faxes:<\/strong> Sending PHI to the wrong recipient is a routine and\u00a0frequently\u00a0reported breach type.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Improper disposal:<\/strong> Discarding paper records, hard drives, or devices without proper destruction\u00a0constitutes\u00a0accidental data exposure.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Misconfigured cloud storage:<\/strong> Incorrectly configured databases or cloud buckets have exposed millions of patient records due to unintentional public access settings.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Lost or stolen devices:<\/strong> Unencrypted laptops, USBs, and mobile devices\u00a0containing\u00a0PHI are\u00a0frequently\u00a0lost or stolen, particularly in field care settings.<\/span><\/li><\/ul><h3 aria-level=\"3\"><b><span data-contrast=\"auto\">3. Insider Threats:<\/span><\/b><\/h3><p><span data-contrast=\"auto\"><a href=\"https:\/\/www.netwitness.com\/cyber-glossary\/internal-threats\/\" target=\"_blank\" rel=\"noopener\">Internal threats<\/a> account for a significant share of healthcare data\u00a0breach\u00a0cases. Insider threats are particularly dangerous because insiders already have legitimate access to sensitive systems.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:80,&quot;335559739&quot;:120}\">\u00a0<\/span><\/p><ul><li><span data-contrast=\"auto\"><strong>Malicious insiders:<\/strong> Employees who deliberately access or steal patient data often for financial gain, personal motives, or to sell to third parties.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Negligent insiders:<\/strong> Staff who\u00a0fail to\u00a0follow security protocols, share passwords, use personal devices for work, or bypass security controls out of convenience.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Insider snooping:<\/strong> Healthcare workers accessing records of celebrities, neighbors, or family members out of curiosity.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><\/ul><h3 aria-level=\"3\"><b><span data-contrast=\"auto\">4. Third-Party and Supply Chain Risks:<\/span><\/b><\/h3><p><span data-contrast=\"auto\">Healthcare organizations\u00a0frequently\u00a0share data with vendors, business associates, and technology partners. These relationships expand the attack surface significantly.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:80,&quot;335559739&quot;:120}\">\u00a0<\/span><\/p><ul><li><span data-contrast=\"auto\"><strong>Business associate breaches:<\/strong> A vendor with access to PHI,\u00a0such as a billing processor, IT support firm, or cloud provider,\u00a0can become a point of compromise for multiple healthcare clients simultaneously.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Software supply chain attacks:<\/strong> Malicious code embedded in widely used healthcare software can affect hundreds of organizations at once.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Insecure APIs and integrations:<\/strong> Third-party health apps and EHR integrations often share data through APIs that may not be adequately secured.<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a8648ee elementor-widget elementor-widget-heading\" data-id=\"a8648ee\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Types of Healthcare Data Breaches<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-198e799 elementor-widget elementor-widget-text-editor\" data-id=\"198e799\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW137261755 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW137261755 BCX0\">Healthcare data breaches are classified by their primary method or mechanism. The HHS Office for Civil Rights (OCR) tracks breach types on its public breach portal, providing useful epidemiological data on the healthcare industry&#8217;s threat landscape.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-34aec8f elementor-widget elementor-widget-text-editor\" data-id=\"34aec8f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<table data-tablestyle=\"MsoTable15Grid6ColorfulAccent1\" data-tablelook=\"1696\" aria-rowcount=\"7\"><tbody><tr aria-rowindex=\"1\"><td data-celllook=\"256\"><strong><span class=\"TextRun SCXW104977019 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW104977019 BCX0\">Breach Type<\/span><\/span><\/strong><\/td><td data-celllook=\"256\"><strong><span class=\"TextRun SCXW56344911 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW56344911 BCX0\">Description<\/span><\/span><\/strong><\/td><td data-celllook=\"256\"><strong><span class=\"TextRun SCXW145609135 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW145609135 BCX0\">Example<\/span><\/span><\/strong><\/td><\/tr><tr aria-rowindex=\"2\"><td data-celllook=\"0\"><strong><span class=\"TextRun SCXW56068169 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW56068169 BCX0\">Hacking \/ IT Incident<\/span><\/span><\/strong><\/td><td data-celllook=\"0\"><span class=\"TextRun SCXW48981395 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW48981395 BCX0\">Unauthorized access via malicious software, phishing, brute force, or vulnerability exploitation. The\u00a0<\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW48981395 BCX0\">fastest-growing<\/span><span class=\"NormalTextRun SCXW48981395 BCX0\"> and most impactful breach category.<\/span><\/span><\/td><td data-celllook=\"0\"><span class=\"TextRun SCXW106335742 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW106335742 BCX0\">Ransomware attack disabling hospital EHR access<\/span><span class=\"NormalTextRun SCXW106335742 BCX0\">.<\/span><\/span><\/td><\/tr><tr aria-rowindex=\"3\"><td data-celllook=\"0\"><strong><span class=\"TextRun SCXW276297 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW276297 BCX0\">Unauthorized Access \/ Disclosure<\/span><\/span><\/strong><\/td><td data-celllook=\"0\"><span class=\"TextRun SCXW10788392 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW10788392 BCX0\">An individual accesses or shares PHI without authorization<\/span><span class=\"NormalTextRun SCXW10788392 BCX0\">,<\/span><span class=\"NormalTextRun SCXW10788392 BCX0\"> whether intentional or accidental.<\/span><\/span><\/td><td data-celllook=\"0\"><span class=\"TextRun SCXW28500257 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW28500257 BCX0\">Employee accessing a celebrity patient&#8217;s records<\/span><span class=\"NormalTextRun SCXW28500257 BCX0\">.<\/span><\/span><\/td><\/tr><tr aria-rowindex=\"4\"><td data-celllook=\"0\"><strong><span class=\"TextRun SCXW171465468 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW171465468 BCX0\">Theft<\/span><\/span><\/strong><\/td><td data-celllook=\"0\"><span class=\"TextRun SCXW119542392 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW119542392 BCX0\">Physical theft of devices, paper records, or storage media\u00a0<\/span><span class=\"NormalTextRun SCXW119542392 BCX0\">containing<\/span><span class=\"NormalTextRun SCXW119542392 BCX0\"> PHI.<\/span><\/span><\/td><td data-celllook=\"0\"><span class=\"TextRun SCXW49384247 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW49384247 BCX0\">Laptop\u00a0<\/span><span class=\"NormalTextRun SCXW49384247 BCX0\">containing<\/span><span class=\"NormalTextRun SCXW49384247 BCX0\">\u00a0patient data stolen from a car<\/span><span class=\"NormalTextRun SCXW49384247 BCX0\">.<\/span><\/span><\/td><\/tr><tr aria-rowindex=\"5\"><td data-celllook=\"0\"><b>Loss<\/b><\/td><td data-celllook=\"0\"><span class=\"TextRun SCXW261513763 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW261513763 BCX0\">Devices or records containing PHI are misplaced or lost without evidence of theft.<\/span><\/span><\/td><td data-celllook=\"0\"><span class=\"TextRun SCXW152176134 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW152176134 BCX0\">USB drive with patient files left on public transport<\/span><span class=\"NormalTextRun SCXW152176134 BCX0\">.<\/span><\/span><\/td><\/tr><tr aria-rowindex=\"6\"><td data-celllook=\"0\"><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:0,&quot;335559739&quot;:0}\"><span class=\"TextRun SCXW262276408 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW262276408 BCX0\"><strong><span class=\"TextRun SCXW47527621 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW47527621 BCX0\">Improper Disposal<\/span><\/span><\/strong><\/span><\/span><\/span><\/td><td data-celllook=\"0\"><span class=\"TextRun SCXW131272963 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW131272963 BCX0\">PHI disposed of without\u00a0<\/span><span class=\"NormalTextRun SCXW131272963 BCX0\">appropriate destruction<\/span><span class=\"NormalTextRun SCXW131272963 BCX0\"> methods, leaving data recoverable.<\/span><\/span><\/td><td data-celllook=\"0\"><span class=\"TextRun SCXW237833298 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW237833298 BCX0\">Paper records in an open dumpster<\/span><span class=\"NormalTextRun SCXW237833298 BCX0\">.<\/span><\/span><\/td><\/tr><tr aria-rowindex=\"7\"><td data-celllook=\"0\"><strong><span class=\"TextRun SCXW221792220 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW221792220 BCX0\">Database Breach<\/span><\/span><\/strong><\/td><td data-celllook=\"0\"><span class=\"TextRun SCXW88598679 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW88598679 BCX0\">Direct compromise of a healthcare database exposing structured patient data at scale.<\/span><\/span><\/td><td data-celllook=\"0\"><span class=\"TextRun SCXW240154036 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW240154036 BCX0\">SQL injection exposing millions of patient records<\/span><span class=\"NormalTextRun SCXW240154036 BCX0\">.<\/span><\/span><\/td><\/tr><\/tbody><\/table>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-67a8c77 elementor-widget elementor-widget-heading\" data-id=\"67a8c77\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Impact of Healthcare Data Breaches<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ad19c35 elementor-widget elementor-widget-text-editor\" data-id=\"ad19c35\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<h3 aria-level=\"3\"><b><span data-contrast=\"auto\">1. Patient Impact:<\/span><\/b><\/h3><p><span data-contrast=\"auto\">For patients, a healthcare data breach can have lasting and deeply personal consequences that go well beyond a compromised password.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:80,&quot;335559739&quot;:120}\">\u00a0<\/span><\/p><ul><li><span data-contrast=\"auto\"><strong>Identity theft and personal data theft:<\/strong> Stolen PHI enables criminals to open fraudulent accounts, obtain loans, or file tax returns in the patient&#8217;s name.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Medical identity theft:<\/strong> Criminals use stolen health insurance credentials to obtain prescriptions, procedures, or reimbursements,\u00a0leaving victims with incorrect medical records that can endanger their health in future treatment.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Emotional distress:<\/strong> Patients whose sensitive diagnoses, mental health records, or reproductive health information\u00a0are\u00a0exposed may experience significant psychological harm.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Social security breach risks:<\/strong> The combination of PHI and Social Security numbers creates risk of comprehensive identity fraud affecting credit, employment, and government benefits.<\/span><\/li><\/ul><h3 aria-level=\"3\"><b><span data-contrast=\"auto\">2. Organizational Impact:<\/span><\/b><\/h3><p><span data-contrast=\"auto\">For healthcare organizations, the consequences of a security breach extend across financial, operational, and reputational dimensions.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:80,&quot;335559739&quot;:120}\">\u00a0<\/span><\/p><ul><li><span data-contrast=\"auto\"><strong>Cost of data breach:<\/strong> The healthcare industry has consistently recorded the highest average cost of data breach across all sectors. According to IBM&#8217;s annual Cost of a Data Breach Report, healthcare breach costs have exceeded $10 million on average in recent years,\u00a0driven by regulatory fines, legal settlements, remediation expenses, and lost business.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>HIPAA violations and penalties:<\/strong> HIPAA breach notifications trigger investigations by the HHS Office for Civil Rights. Penalties are\u00a0tiered\u00a0by culpability,\u00a0from $100 per violation for unknowing breaches to $50,000 per violation (up to $1.9 million annually) for willful neglect.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Operational disruption:<\/strong> Ransomware and destructive attacks can shut down clinical systems for days or weeks, delaying surgeries, diverting ambulances, and compromising patient care.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Legal liability:<\/strong> Class action lawsuits, state attorney general investigations, and individual patient claims add additional financial and reputational burden.<\/span><\/li><\/ul><h3 aria-level=\"3\"><b><span data-contrast=\"auto\">3. Industry and Societal Impact:<\/span><\/b><\/h3><ul><li><span data-contrast=\"auto\"><strong>Trust erosion:<\/strong> Repeated healthcare data breaches cases erode public confidence in the healthcare sector&#8217;s ability to protect sensitive information, reducing willingness to share data critical for care.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Increased regulatory pressure:<\/strong> High-profile breaches drive legislative and regulatory action, adding compliance requirements across the healthcare industry.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:60,&quot;335559739&quot;:60}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Systemic risk:<\/strong> As healthcare systems become more interconnected, a single breach can propagate across partner networks, creating sector-wide vulnerabilities.<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a597f97 elementor-widget elementor-widget-heading\" data-id=\"a597f97\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Role of Cybersecurity in Preventing Healthcare Data Breaches<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-56286f9 elementor-widget elementor-widget-text-editor\" data-id=\"56286f9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span data-contrast=\"auto\"><a href=\"https:\/\/www.netwitness.com\/industry\/cybersecurity-for-healthcare\/\" target=\"_blank\" rel=\"noopener\">Cybersecurity in healthcare<\/a> is not simply a technical\u00a0discipline,\u00a0it is a patient safety imperative. The consequences of a security breach in a clinical environment can extend from\u00a0financial loss\u00a0to delayed treatment and compromised care decisions. Robust cybersecurity programs are therefore essential to the mission of every healthcare organization.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:80,&quot;335559739&quot;:120}\">\u00a0<\/span><\/p><h3 aria-level=\"3\"><b><span data-contrast=\"auto\">1. Full Visibility Across Healthcare Systems:<\/span><\/b><\/h3><p><span data-contrast=\"auto\">Effective healthcare security begins with comprehensive visibility. Organizations must know what assets exist on their network, what data those assets hold, who is accessing them, and what normal behavior looks like. Without this baseline, detecting anomalies \u2014 the hallmark of cyber intrusion \u2014 is impossible. Modern security operations platforms provide unified visibility across endpoints, networks, identity systems, and cloud environments in a single pane of glass.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:80,&quot;335559739&quot;:120}\">\u00a0<\/span><\/p><h3 aria-level=\"3\"><b><span data-contrast=\"auto\">2. Early Detection of Cyber Intrusions:<\/span><\/b><\/h3><p><span data-contrast=\"auto\">The average dwell time for attackers in healthcare networks \u2014 the period between\u00a0initial\u00a0compromise and detection \u2014 has historically been measured in weeks or months. During this window, attackers can map the environment, escalate privileges, exfiltrate data, and deploy ransomware payloads. <a href=\"https:\/\/www.netwitness.com\/platform\/threat-detection-and-response\/\" target=\"_blank\" rel=\"noopener\">Advanced threat detection<\/a> capabilities, including behavioral analytics and machine learning-powered anomaly detection, enable security teams to\u00a0identify\u00a0and respond to intrusions before they escalate into full-scale breaches.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:80,&quot;335559739&quot;:120}\">\u00a0<\/span><\/p><h3 aria-level=\"3\"><b><span data-contrast=\"auto\">3. Supporting Health Insurance and Healthcare Monitoring:<\/span><\/b><\/h3><p><span data-contrast=\"auto\">Health insurance organizations and their partners face elevated risk because they hold both clinical and financial data at\u00a0scale. Health insurance monitoring programs \u2014 including\u00a0monitoring of\u00a0claims systems, member portals, and partner integrations \u2014 are critical components of a comprehensive\u00a0breach\u00a0prevention strategy. Healthcare monitoring capabilities that extend across the enterprise, from clinical systems to administrative platforms, ensure that no segment of the environment becomes a blind spot for attackers.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:80,&quot;335559739&quot;:120}\">\u00a0<\/span><\/p><h3 aria-level=\"3\"><b><span data-contrast=\"auto\">4. Proactive Data Protection:<\/span><\/b><\/h3><p><span data-contrast=\"auto\">The most <a href=\"https:\/\/www.netwitness.com\/cyber-glossary\/cybersecurity-posture\/\" target=\"_blank\" rel=\"noopener\">effective cybersecurity posture<\/a> in healthcare is proactive rather than reactive. This means identifying and remediating vulnerabilities before they are exploited, rather than waiting for a breach to occur. Data protection strategies that combine encryption, access control, continuous monitoring, and automated response capabilities give healthcare organizations the best chance of preventing PHI from ever reaching unauthorized hands.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-28340c0 elementor-widget elementor-widget-heading\" data-id=\"28340c0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Related Terms &amp; Synonyms<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8390a9a elementor-widget elementor-widget-text-editor\" data-id=\"8390a9a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<ul><li><span data-contrast=\"auto\"><strong>Data Loss:\u00a0<\/strong>The accidental or intentional destruction, corruption, or unavailability of organizational data, whether through technical failure, cyberattack, or human error.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:40}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Data Breach:<\/strong>\u00a0Any confirmed incident in which protected or sensitive data is accessed,\u00a0disclosed, or stolen by an unauthorized party.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:40}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Cyberattack:\u00a0<\/strong>A deliberate attempt by an individual or group to infiltrate, disrupt, or damage computer systems, networks, or data,\u00a0typically for financial, political, or strategic gain.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:40}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Data Leakage:<\/strong> The unauthorized transmission of sensitive data from within an organization to an external destination, often gradual and undetected.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:40}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>System Breach:<\/strong>\u00a0Unauthorized penetration into a computer system or network with the intent to access,\u00a0modify, or steal information.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:40}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Security Breach:\u00a0<\/strong>Any incident that results in unauthorized access to data, applications, services, networks, or devices,\u00a0bypassing established security controls.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:40}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Cyber Intrusion:\u00a0<\/strong>An unauthorized entry into a computer system, network, or digital environment,\u00a0often as the first phase of a broader attack campaign.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:40}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Data Exposure:\u00a0<\/strong>The inadvertent or unintended availability of sensitive data to unauthorized parties, often due to misconfiguration or poor security practices.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:40}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Integrity Breach:\u00a0<\/strong>An event in which data is\u00a0modified, corrupted, or\u00a0deleted\u00a0by an unauthorized party, compromising its accuracy and trustworthiness.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:40}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Phishing Incident:<\/strong>\u00a0A <a href=\"https:\/\/www.netwitness.com\/cyber-glossary\/phishing\/\" target=\"_blank\" rel=\"noopener\">social engineering attack<\/a> using deceptive emails, messages, or websites to trick users into revealing credentials or installing malware.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:40}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Insider Snooping:<\/strong>\u00a0Unauthorized access to patient records or confidential information by employees motivated by curiosity, personal interest, or malice.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:40}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Credential Stuffing:\u00a0<\/strong>An automated cyberattack that uses lists of stolen username\/password combinations to gain unauthorized access to systems at scale.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:40}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Ransomware Attack:\u00a0<\/strong>A <a href=\"https:\/\/www.netwitness.com\/blog\/netwitness-ransomware-defense-cloud-services\/\" target=\"_blank\" rel=\"noopener\">type of malware attack<\/a> that encrypts a victim&#8217;s files and demands payment in exchange for the decryption key.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:40}\">\u00a0<\/span><\/li><li><span data-contrast=\"auto\"><strong>Confidentiality Breach:<\/strong>\u00a0The unauthorized disclosure of private or protected information to individuals or entities who lack authorization to receive it.<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-b9b8efb e-flex e-con-boxed e-con e-parent\" data-id=\"b9b8efb\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-a7b41d3 elementor-widget elementor-widget-heading\" data-id=\"a7b41d3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">People Also Ask<\/h2>\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-c2498ac e-con-full e-flex e-con e-child\" data-id=\"c2498ac\" data-element_type=\"container\" data-e-type=\"container\" id=\"faq-section\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b7af59c elementor-widget elementor-widget-n-accordion\" data-id=\"b7af59c\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;default_state&quot;:&quot;expanded&quot;,&quot;max_items_expended&quot;:&quot;one&quot;,&quot;n_accordion_animation_duration&quot;:{&quot;unit&quot;:&quot;ms&quot;,&quot;size&quot;:400,&quot;sizes&quot;:[]}}\" data-widget_type=\"nested-accordion.default\">\n\t\t\t\t\t\t\t<div class=\"e-n-accordion\" aria-label=\"Accordion. Open links with Enter or Space, close with Escape, and navigate with Arrow Keys\">\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1920\" class=\"e-n-accordion-item\" open>\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"1\" tabindex=\"0\" aria-expanded=\"true\" aria-controls=\"e-n-accordion-item-1920\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> 1. What is a breach in healthcare? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1402)\"><path d=\"M39.9375 19.9998C39.9375 31.0111 31.0111 39.9375 19.9998 39.9375C8.98853 39.9375 0.0617981 31.0111 0.0617981 19.9998C0.0617981 8.98853 8.98853 0.0617981 19.9998 0.0617981C31.006 0.0742111 39.9251 8.99328 39.9375 19.9998ZM2.05582 19.9998C2.05582 29.9101 10.0896 37.9438 19.9998 37.9438C29.9101 37.9438 37.9438 29.9101 37.9438 19.9998C37.9438 10.0896 29.9101 2.05582 19.9998 2.05582C10.0943 2.06714 2.06714 10.0943 2.05582 19.9998Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 22.3341C28.0909 22.7489 28.0485 23.3786 27.6342 23.7411C27.2195 24.1033 26.5897 24.0609 26.2272 23.6466L19.9998 16.5291L13.772 23.6469C13.4095 24.0617 12.7798 24.1036 12.3654 23.7415C11.9507 23.379 11.9083 22.7492 12.2709 22.3345L19.2492 14.3595C19.4383 14.143 19.7121 14.0189 19.9998 14.0189C20.2875 14.0189 20.5609 14.143 20.7504 14.3595L27.7284 22.3341Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1402\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 -1 -1 0 39.9375 39.9375)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1407)\"><path d=\"M39.9375 20.0002C39.9375 8.98887 31.0111 0.0625 19.9998 0.0625C8.98853 0.0625 0.0617981 8.98887 0.0617981 20.0002C0.0617981 31.0115 8.98853 39.9382 19.9998 39.9382C31.006 39.9258 39.9251 31.0067 39.9375 20.0002ZM2.05582 20.0002C2.05582 10.0899 10.0896 2.05616 19.9998 2.05616C29.9101 2.05616 37.9438 10.0899 37.9438 20.0002C37.9438 29.9104 29.9101 37.9442 19.9998 37.9442C10.0943 37.9329 2.06714 29.9057 2.05582 20.0002Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 17.6659C28.0909 17.2511 28.0485 16.6214 27.6342 16.2589C27.2195 15.8967 26.5897 15.9391 26.2272 16.3534L19.9998 23.4709L13.772 16.3531C13.4095 15.9383 12.7798 15.8964 12.3654 16.2585C11.9507 16.621 11.9083 17.2508 12.2709 17.6655L19.2492 25.6405C19.4383 25.857 19.7121 25.9811 19.9998 25.9811C20.2875 25.9811 20.5609 25.857 20.7504 25.6405L27.7284 17.6659Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1407\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 1 -1 0 39.9375 0.0625)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1920\" class=\"elementor-element elementor-element-7f4aa81 e-con-full e-flex e-con e-child\" data-id=\"7f4aa81\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1920\" class=\"elementor-element elementor-element-0a80958 e-flex e-con-boxed e-con e-child\" data-id=\"0a80958\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-afe789b elementor-widget elementor-widget-text-editor\" data-id=\"afe789b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW233570779 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW233570779 BCX0\">A breach in healthcare refers to any unauthorized access, use, disclosure, modification, or destruction of protected health information (PHI). Under HIPAA, a breach is presumed to have occurred whenever unsecured PHI is impermissibly accessed unless the covered entity or business associate can\u00a0<\/span><span class=\"NormalTextRun SCXW233570779 BCX0\">demonstrate<\/span><span class=\"NormalTextRun SCXW233570779 BCX0\">\u00a0a low probability that the data was compromised based on a four-factor risk assessment.<\/span><\/span><span class=\"EOP Selected SCXW233570779 BCX0\" data-ccp-props=\"{&quot;335559739&quot;:100}\">\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1921\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"2\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1921\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> 2. Which is not a common cause of a breach? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1402)\"><path d=\"M39.9375 19.9998C39.9375 31.0111 31.0111 39.9375 19.9998 39.9375C8.98853 39.9375 0.0617981 31.0111 0.0617981 19.9998C0.0617981 8.98853 8.98853 0.0617981 19.9998 0.0617981C31.006 0.0742111 39.9251 8.99328 39.9375 19.9998ZM2.05582 19.9998C2.05582 29.9101 10.0896 37.9438 19.9998 37.9438C29.9101 37.9438 37.9438 29.9101 37.9438 19.9998C37.9438 10.0896 29.9101 2.05582 19.9998 2.05582C10.0943 2.06714 2.06714 10.0943 2.05582 19.9998Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 22.3341C28.0909 22.7489 28.0485 23.3786 27.6342 23.7411C27.2195 24.1033 26.5897 24.0609 26.2272 23.6466L19.9998 16.5291L13.772 23.6469C13.4095 24.0617 12.7798 24.1036 12.3654 23.7415C11.9507 23.379 11.9083 22.7492 12.2709 22.3345L19.2492 14.3595C19.4383 14.143 19.7121 14.0189 19.9998 14.0189C20.2875 14.0189 20.5609 14.143 20.7504 14.3595L27.7284 22.3341Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1402\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 -1 -1 0 39.9375 39.9375)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1407)\"><path d=\"M39.9375 20.0002C39.9375 8.98887 31.0111 0.0625 19.9998 0.0625C8.98853 0.0625 0.0617981 8.98887 0.0617981 20.0002C0.0617981 31.0115 8.98853 39.9382 19.9998 39.9382C31.006 39.9258 39.9251 31.0067 39.9375 20.0002ZM2.05582 20.0002C2.05582 10.0899 10.0896 2.05616 19.9998 2.05616C29.9101 2.05616 37.9438 10.0899 37.9438 20.0002C37.9438 29.9104 29.9101 37.9442 19.9998 37.9442C10.0943 37.9329 2.06714 29.9057 2.05582 20.0002Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 17.6659C28.0909 17.2511 28.0485 16.6214 27.6342 16.2589C27.2195 15.8967 26.5897 15.9391 26.2272 16.3534L19.9998 23.4709L13.772 16.3531C13.4095 15.9383 12.7798 15.8964 12.3654 16.2585C11.9507 16.621 11.9083 17.2508 12.2709 17.6655L19.2492 25.6405C19.4383 25.857 19.7121 25.9811 19.9998 25.9811C20.2875 25.9811 20.5609 25.857 20.7504 25.6405L27.7284 17.6659Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1407\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 1 -1 0 39.9375 0.0625)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1921\" class=\"elementor-element elementor-element-0cb3db5 e-con-full e-flex e-con e-child\" data-id=\"0cb3db5\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1921\" class=\"elementor-element elementor-element-f66bb0a e-flex e-con-boxed e-con e-child\" data-id=\"f66bb0a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-a341ecb elementor-widget elementor-widget-text-editor\" data-id=\"a341ecb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW105577980 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW105577980 BCX0\">Routine system backups, scheduled software maintenance, and authorized data audits by compliance officers are not common\u00a0<\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW105577980 BCX0\">breach<\/span><span class=\"NormalTextRun SCXW105577980 BCX0\">\u00a0causes. In contrast, phishing attacks, ransomware, unauthorized employee access, lost or stolen devices, and third-party vendor vulnerabilities are among the most\u00a0<\/span><span class=\"NormalTextRun SCXW105577980 BCX0\">frequently<\/span><span class=\"NormalTextRun SCXW105577980 BCX0\">\u00a0documented causes of healthcare data breaches.<\/span><\/span><span class=\"EOP Selected SCXW105577980 BCX0\" data-ccp-props=\"{&quot;335559739&quot;:100}\">\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1922\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"3\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1922\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> 3. How to prevent data breaches in healthcare? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1402)\"><path d=\"M39.9375 19.9998C39.9375 31.0111 31.0111 39.9375 19.9998 39.9375C8.98853 39.9375 0.0617981 31.0111 0.0617981 19.9998C0.0617981 8.98853 8.98853 0.0617981 19.9998 0.0617981C31.006 0.0742111 39.9251 8.99328 39.9375 19.9998ZM2.05582 19.9998C2.05582 29.9101 10.0896 37.9438 19.9998 37.9438C29.9101 37.9438 37.9438 29.9101 37.9438 19.9998C37.9438 10.0896 29.9101 2.05582 19.9998 2.05582C10.0943 2.06714 2.06714 10.0943 2.05582 19.9998Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 22.3341C28.0909 22.7489 28.0485 23.3786 27.6342 23.7411C27.2195 24.1033 26.5897 24.0609 26.2272 23.6466L19.9998 16.5291L13.772 23.6469C13.4095 24.0617 12.7798 24.1036 12.3654 23.7415C11.9507 23.379 11.9083 22.7492 12.2709 22.3345L19.2492 14.3595C19.4383 14.143 19.7121 14.0189 19.9998 14.0189C20.2875 14.0189 20.5609 14.143 20.7504 14.3595L27.7284 22.3341Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1402\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 -1 -1 0 39.9375 39.9375)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1407)\"><path d=\"M39.9375 20.0002C39.9375 8.98887 31.0111 0.0625 19.9998 0.0625C8.98853 0.0625 0.0617981 8.98887 0.0617981 20.0002C0.0617981 31.0115 8.98853 39.9382 19.9998 39.9382C31.006 39.9258 39.9251 31.0067 39.9375 20.0002ZM2.05582 20.0002C2.05582 10.0899 10.0896 2.05616 19.9998 2.05616C29.9101 2.05616 37.9438 10.0899 37.9438 20.0002C37.9438 29.9104 29.9101 37.9442 19.9998 37.9442C10.0943 37.9329 2.06714 29.9057 2.05582 20.0002Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 17.6659C28.0909 17.2511 28.0485 16.6214 27.6342 16.2589C27.2195 15.8967 26.5897 15.9391 26.2272 16.3534L19.9998 23.4709L13.772 16.3531C13.4095 15.9383 12.7798 15.8964 12.3654 16.2585C11.9507 16.621 11.9083 17.2508 12.2709 17.6655L19.2492 25.6405C19.4383 25.857 19.7121 25.9811 19.9998 25.9811C20.2875 25.9811 20.5609 25.857 20.7504 25.6405L27.7284 17.6659Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1407\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 1 -1 0 39.9375 0.0625)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1922\" class=\"elementor-element elementor-element-5813b56 e-con-full e-flex e-con e-child\" data-id=\"5813b56\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1922\" class=\"elementor-element elementor-element-d9f0ad3 e-flex e-con-boxed e-con e-child\" data-id=\"d9f0ad3\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-eb79a0d elementor-widget elementor-widget-text-editor\" data-id=\"eb79a0d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW119112968 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW119112968 BCX0\">Effective healthcare data breach prevention requires a multi-layered approach: deploying encryption and MFA, implementing role-based access controls, conducting regular staff security training,\u00a0<\/span><span class=\"NormalTextRun SCXW119112968 BCX0\">maintaining<\/span><span class=\"NormalTextRun SCXW119112968 BCX0\">\u00a0up-to-date patch management, adopting a Zero Trust security architecture, and\u00a0<\/span><span class=\"NormalTextRun SCXW119112968 BCX0\">establishing<\/span><span class=\"NormalTextRun SCXW119112968 BCX0\">\u00a0robust incident response capabilities.\u00a0<\/span><span class=\"NormalTextRun SCXW119112968 BCX0\">Regular HIPAA risk assessments are also legally required and help identify gaps before they are exploited.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1923\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"4\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1923\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> 4. What is a HIPAA breach? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1402)\"><path d=\"M39.9375 19.9998C39.9375 31.0111 31.0111 39.9375 19.9998 39.9375C8.98853 39.9375 0.0617981 31.0111 0.0617981 19.9998C0.0617981 8.98853 8.98853 0.0617981 19.9998 0.0617981C31.006 0.0742111 39.9251 8.99328 39.9375 19.9998ZM2.05582 19.9998C2.05582 29.9101 10.0896 37.9438 19.9998 37.9438C29.9101 37.9438 37.9438 29.9101 37.9438 19.9998C37.9438 10.0896 29.9101 2.05582 19.9998 2.05582C10.0943 2.06714 2.06714 10.0943 2.05582 19.9998Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 22.3341C28.0909 22.7489 28.0485 23.3786 27.6342 23.7411C27.2195 24.1033 26.5897 24.0609 26.2272 23.6466L19.9998 16.5291L13.772 23.6469C13.4095 24.0617 12.7798 24.1036 12.3654 23.7415C11.9507 23.379 11.9083 22.7492 12.2709 22.3345L19.2492 14.3595C19.4383 14.143 19.7121 14.0189 19.9998 14.0189C20.2875 14.0189 20.5609 14.143 20.7504 14.3595L27.7284 22.3341Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1402\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 -1 -1 0 39.9375 39.9375)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1407)\"><path d=\"M39.9375 20.0002C39.9375 8.98887 31.0111 0.0625 19.9998 0.0625C8.98853 0.0625 0.0617981 8.98887 0.0617981 20.0002C0.0617981 31.0115 8.98853 39.9382 19.9998 39.9382C31.006 39.9258 39.9251 31.0067 39.9375 20.0002ZM2.05582 20.0002C2.05582 10.0899 10.0896 2.05616 19.9998 2.05616C29.9101 2.05616 37.9438 10.0899 37.9438 20.0002C37.9438 29.9104 29.9101 37.9442 19.9998 37.9442C10.0943 37.9329 2.06714 29.9057 2.05582 20.0002Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 17.6659C28.0909 17.2511 28.0485 16.6214 27.6342 16.2589C27.2195 15.8967 26.5897 15.9391 26.2272 16.3534L19.9998 23.4709L13.772 16.3531C13.4095 15.9383 12.7798 15.8964 12.3654 16.2585C11.9507 16.621 11.9083 17.2508 12.2709 17.6655L19.2492 25.6405C19.4383 25.857 19.7121 25.9811 19.9998 25.9811C20.2875 25.9811 20.5609 25.857 20.7504 25.6405L27.7284 17.6659Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1407\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 1 -1 0 39.9375 0.0625)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1923\" class=\"elementor-element elementor-element-38bd880 e-con-full e-flex e-con e-child\" data-id=\"38bd880\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1923\" class=\"elementor-element elementor-element-f75101f e-flex e-con-boxed e-con e-child\" data-id=\"f75101f\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1ae8c5a elementor-widget elementor-widget-text-editor\" data-id=\"1ae8c5a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW86942031 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW86942031 BCX0\">A <a href=\"https:\/\/www.ama-assn.org\/practice-management\/hipaa\/hipaa-breach-notification-rule\" target=\"_blank\" rel=\"noopener nofollow\">HIPAA breach<\/a> is defined as the acquisition, access, use, or disclosure of PHI in a manner not\u00a0<\/span><span class=\"NormalTextRun SCXW86942031 BCX0\">permitted<\/span><span class=\"NormalTextRun SCXW86942031 BCX0\">\u00a0under the HIPAA Privacy Rule that compromises the security or privacy of the information. When a HIPAA breach of unsecured PHI affecting 500 or more individuals occurs, covered entities must notify affected individuals, the HHS Secretary, and prominent media outlets in the affected state or\u00a0<\/span><span class=\"NormalTextRun SCXW86942031 BCX0\">jurisdiction<\/span><span class=\"NormalTextRun SCXW86942031 BCX0\">\u00a0within\u00a0<\/span><span class=\"NormalTextRun SCXW86942031 BCX0\">60-days<\/span><span class=\"NormalTextRun SCXW86942031 BCX0\">.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1924\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"5\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1924\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> 5. Which of the following are common causes of breaches HIPAA? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1402)\"><path d=\"M39.9375 19.9998C39.9375 31.0111 31.0111 39.9375 19.9998 39.9375C8.98853 39.9375 0.0617981 31.0111 0.0617981 19.9998C0.0617981 8.98853 8.98853 0.0617981 19.9998 0.0617981C31.006 0.0742111 39.9251 8.99328 39.9375 19.9998ZM2.05582 19.9998C2.05582 29.9101 10.0896 37.9438 19.9998 37.9438C29.9101 37.9438 37.9438 29.9101 37.9438 19.9998C37.9438 10.0896 29.9101 2.05582 19.9998 2.05582C10.0943 2.06714 2.06714 10.0943 2.05582 19.9998Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 22.3341C28.0909 22.7489 28.0485 23.3786 27.6342 23.7411C27.2195 24.1033 26.5897 24.0609 26.2272 23.6466L19.9998 16.5291L13.772 23.6469C13.4095 24.0617 12.7798 24.1036 12.3654 23.7415C11.9507 23.379 11.9083 22.7492 12.2709 22.3345L19.2492 14.3595C19.4383 14.143 19.7121 14.0189 19.9998 14.0189C20.2875 14.0189 20.5609 14.143 20.7504 14.3595L27.7284 22.3341Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1402\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 -1 -1 0 39.9375 39.9375)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1407)\"><path d=\"M39.9375 20.0002C39.9375 8.98887 31.0111 0.0625 19.9998 0.0625C8.98853 0.0625 0.0617981 8.98887 0.0617981 20.0002C0.0617981 31.0115 8.98853 39.9382 19.9998 39.9382C31.006 39.9258 39.9251 31.0067 39.9375 20.0002ZM2.05582 20.0002C2.05582 10.0899 10.0896 2.05616 19.9998 2.05616C29.9101 2.05616 37.9438 10.0899 37.9438 20.0002C37.9438 29.9104 29.9101 37.9442 19.9998 37.9442C10.0943 37.9329 2.06714 29.9057 2.05582 20.0002Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 17.6659C28.0909 17.2511 28.0485 16.6214 27.6342 16.2589C27.2195 15.8967 26.5897 15.9391 26.2272 16.3534L19.9998 23.4709L13.772 16.3531C13.4095 15.9383 12.7798 15.8964 12.3654 16.2585C11.9507 16.621 11.9083 17.2508 12.2709 17.6655L19.2492 25.6405C19.4383 25.857 19.7121 25.9811 19.9998 25.9811C20.2875 25.9811 20.5609 25.857 20.7504 25.6405L27.7284 17.6659Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1407\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 1 -1 0 39.9375 0.0625)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1924\" class=\"elementor-element elementor-element-606f103 e-con-full e-flex e-con e-child\" data-id=\"606f103\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1924\" class=\"elementor-element elementor-element-9ac2c15 e-flex e-con-boxed e-con e-child\" data-id=\"9ac2c15\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-da93424 elementor-widget elementor-widget-text-editor\" data-id=\"da93424\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW48358896 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW48358896 BCX0\">The most common causes of HIPAA breaches include hacking and IT incidents (the largest category by volume of records exposed), unauthorized access or disclosure, theft of devices\u00a0<\/span><span class=\"NormalTextRun SCXW48358896 BCX0\">containing<\/span><span class=\"NormalTextRun SCXW48358896 BCX0\">\u00a0PHI, loss of unencrypted devices, and improper disposal of records. Phishing, ransomware, and employee insider access violations are\u00a0<\/span><span class=\"NormalTextRun SCXW48358896 BCX0\">frequently<\/span><span class=\"NormalTextRun SCXW48358896 BCX0\">\u00a0cited in HIPAA\u00a0<\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW48358896 BCX0\">breach<\/span><span class=\"NormalTextRun SCXW48358896 BCX0\"> reports filed with the HHS Office for Civil Rights.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1925\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"6\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1925\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> 6. Where do you report HIPAA violations? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1402)\"><path d=\"M39.9375 19.9998C39.9375 31.0111 31.0111 39.9375 19.9998 39.9375C8.98853 39.9375 0.0617981 31.0111 0.0617981 19.9998C0.0617981 8.98853 8.98853 0.0617981 19.9998 0.0617981C31.006 0.0742111 39.9251 8.99328 39.9375 19.9998ZM2.05582 19.9998C2.05582 29.9101 10.0896 37.9438 19.9998 37.9438C29.9101 37.9438 37.9438 29.9101 37.9438 19.9998C37.9438 10.0896 29.9101 2.05582 19.9998 2.05582C10.0943 2.06714 2.06714 10.0943 2.05582 19.9998Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 22.3341C28.0909 22.7489 28.0485 23.3786 27.6342 23.7411C27.2195 24.1033 26.5897 24.0609 26.2272 23.6466L19.9998 16.5291L13.772 23.6469C13.4095 24.0617 12.7798 24.1036 12.3654 23.7415C11.9507 23.379 11.9083 22.7492 12.2709 22.3345L19.2492 14.3595C19.4383 14.143 19.7121 14.0189 19.9998 14.0189C20.2875 14.0189 20.5609 14.143 20.7504 14.3595L27.7284 22.3341Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1402\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 -1 -1 0 39.9375 39.9375)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1407)\"><path d=\"M39.9375 20.0002C39.9375 8.98887 31.0111 0.0625 19.9998 0.0625C8.98853 0.0625 0.0617981 8.98887 0.0617981 20.0002C0.0617981 31.0115 8.98853 39.9382 19.9998 39.9382C31.006 39.9258 39.9251 31.0067 39.9375 20.0002ZM2.05582 20.0002C2.05582 10.0899 10.0896 2.05616 19.9998 2.05616C29.9101 2.05616 37.9438 10.0899 37.9438 20.0002C37.9438 29.9104 29.9101 37.9442 19.9998 37.9442C10.0943 37.9329 2.06714 29.9057 2.05582 20.0002Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 17.6659C28.0909 17.2511 28.0485 16.6214 27.6342 16.2589C27.2195 15.8967 26.5897 15.9391 26.2272 16.3534L19.9998 23.4709L13.772 16.3531C13.4095 15.9383 12.7798 15.8964 12.3654 16.2585C11.9507 16.621 11.9083 17.2508 12.2709 17.6655L19.2492 25.6405C19.4383 25.857 19.7121 25.9811 19.9998 25.9811C20.2875 25.9811 20.5609 25.857 20.7504 25.6405L27.7284 17.6659Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1407\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 1 -1 0 39.9375 0.0625)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1925\" class=\"elementor-element elementor-element-fc973b2 e-con-full e-flex e-con e-child\" data-id=\"fc973b2\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1925\" class=\"elementor-element elementor-element-bdc6450 e-flex e-con-boxed e-con e-child\" data-id=\"bdc6450\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-a802f44 elementor-widget elementor-widget-text-editor\" data-id=\"a802f44\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW200489144 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW200489144 BCX0\">HIPAA violations should be reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), which enforces the HIPAA Privacy and Security Rules. Complaints can be filed at the HHS OCR website (<\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW200489144 BCX0\">hhs.gov<\/span><span class=\"NormalTextRun SCXW200489144 BCX0\">\/<\/span><span class=\"NormalTextRun SpellingErrorV2Themed SCXW200489144 BCX0\">ocr<\/span><span class=\"NormalTextRun SCXW200489144 BCX0\">). Covered entities and business associates\u00a0<\/span><span class=\"NormalTextRun SCXW200489144 BCX0\">are required to<\/span><span class=\"NormalTextRun SCXW200489144 BCX0\">\u00a0self-report breaches to HHS OCR within\u00a0<\/span><span class=\"NormalTextRun SCXW200489144 BCX0\">60 days<\/span><span class=\"NormalTextRun SCXW200489144 BCX0\"> of discovering a breach affecting 500 or more individuals.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1926\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"7\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1926\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> 7. How many data breaches occurred in the US in 2021? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1402)\"><path d=\"M39.9375 19.9998C39.9375 31.0111 31.0111 39.9375 19.9998 39.9375C8.98853 39.9375 0.0617981 31.0111 0.0617981 19.9998C0.0617981 8.98853 8.98853 0.0617981 19.9998 0.0617981C31.006 0.0742111 39.9251 8.99328 39.9375 19.9998ZM2.05582 19.9998C2.05582 29.9101 10.0896 37.9438 19.9998 37.9438C29.9101 37.9438 37.9438 29.9101 37.9438 19.9998C37.9438 10.0896 29.9101 2.05582 19.9998 2.05582C10.0943 2.06714 2.06714 10.0943 2.05582 19.9998Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 22.3341C28.0909 22.7489 28.0485 23.3786 27.6342 23.7411C27.2195 24.1033 26.5897 24.0609 26.2272 23.6466L19.9998 16.5291L13.772 23.6469C13.4095 24.0617 12.7798 24.1036 12.3654 23.7415C11.9507 23.379 11.9083 22.7492 12.2709 22.3345L19.2492 14.3595C19.4383 14.143 19.7121 14.0189 19.9998 14.0189C20.2875 14.0189 20.5609 14.143 20.7504 14.3595L27.7284 22.3341Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1402\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 -1 -1 0 39.9375 39.9375)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1407)\"><path d=\"M39.9375 20.0002C39.9375 8.98887 31.0111 0.0625 19.9998 0.0625C8.98853 0.0625 0.0617981 8.98887 0.0617981 20.0002C0.0617981 31.0115 8.98853 39.9382 19.9998 39.9382C31.006 39.9258 39.9251 31.0067 39.9375 20.0002ZM2.05582 20.0002C2.05582 10.0899 10.0896 2.05616 19.9998 2.05616C29.9101 2.05616 37.9438 10.0899 37.9438 20.0002C37.9438 29.9104 29.9101 37.9442 19.9998 37.9442C10.0943 37.9329 2.06714 29.9057 2.05582 20.0002Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 17.6659C28.0909 17.2511 28.0485 16.6214 27.6342 16.2589C27.2195 15.8967 26.5897 15.9391 26.2272 16.3534L19.9998 23.4709L13.772 16.3531C13.4095 15.9383 12.7798 15.8964 12.3654 16.2585C11.9507 16.621 11.9083 17.2508 12.2709 17.6655L19.2492 25.6405C19.4383 25.857 19.7121 25.9811 19.9998 25.9811C20.2875 25.9811 20.5609 25.857 20.7504 25.6405L27.7284 17.6659Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1407\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 1 -1 0 39.9375 0.0625)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1926\" class=\"elementor-element elementor-element-534faf0 e-con-full e-flex e-con e-child\" data-id=\"534faf0\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1926\" class=\"elementor-element elementor-element-10ade8d e-flex e-con-boxed e-con e-child\" data-id=\"10ade8d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-07258bd elementor-widget elementor-widget-text-editor\" data-id=\"07258bd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW125886559 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW125886559 BCX0\">According to the <a href=\"https:\/\/www.idtheftcenter.org\/post\/identity-theft-resource-center-2021-annual-data-breach-report-sets-new-record-for-number-of-compromises\/\" target=\"_blank\" rel=\"noopener nofollow\">Identity Theft Resource Center&#8217;s 2021 Annual Data Breach Report<\/a>, there were a record 1,862 data breaches in the United States in 2021<\/span><span class=\"NormalTextRun SCXW125886559 BCX0\">,\u00a0<\/span><span class=\"NormalTextRun SCXW125886559 BCX0\">a 68% increase compared to 2020 and surpassing the prior record set in 2017. The healthcare sector was consistently among the most affected industries, accounting for a substantial share of total breaches and records exposed.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1927\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"8\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1927\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> 8. How to reduce healthcare data breach costs? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1402)\"><path d=\"M39.9375 19.9998C39.9375 31.0111 31.0111 39.9375 19.9998 39.9375C8.98853 39.9375 0.0617981 31.0111 0.0617981 19.9998C0.0617981 8.98853 8.98853 0.0617981 19.9998 0.0617981C31.006 0.0742111 39.9251 8.99328 39.9375 19.9998ZM2.05582 19.9998C2.05582 29.9101 10.0896 37.9438 19.9998 37.9438C29.9101 37.9438 37.9438 29.9101 37.9438 19.9998C37.9438 10.0896 29.9101 2.05582 19.9998 2.05582C10.0943 2.06714 2.06714 10.0943 2.05582 19.9998Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 22.3341C28.0909 22.7489 28.0485 23.3786 27.6342 23.7411C27.2195 24.1033 26.5897 24.0609 26.2272 23.6466L19.9998 16.5291L13.772 23.6469C13.4095 24.0617 12.7798 24.1036 12.3654 23.7415C11.9507 23.379 11.9083 22.7492 12.2709 22.3345L19.2492 14.3595C19.4383 14.143 19.7121 14.0189 19.9998 14.0189C20.2875 14.0189 20.5609 14.143 20.7504 14.3595L27.7284 22.3341Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1402\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 -1 -1 0 39.9375 39.9375)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1407)\"><path d=\"M39.9375 20.0002C39.9375 8.98887 31.0111 0.0625 19.9998 0.0625C8.98853 0.0625 0.0617981 8.98887 0.0617981 20.0002C0.0617981 31.0115 8.98853 39.9382 19.9998 39.9382C31.006 39.9258 39.9251 31.0067 39.9375 20.0002ZM2.05582 20.0002C2.05582 10.0899 10.0896 2.05616 19.9998 2.05616C29.9101 2.05616 37.9438 10.0899 37.9438 20.0002C37.9438 29.9104 29.9101 37.9442 19.9998 37.9442C10.0943 37.9329 2.06714 29.9057 2.05582 20.0002Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 17.6659C28.0909 17.2511 28.0485 16.6214 27.6342 16.2589C27.2195 15.8967 26.5897 15.9391 26.2272 16.3534L19.9998 23.4709L13.772 16.3531C13.4095 15.9383 12.7798 15.8964 12.3654 16.2585C11.9507 16.621 11.9083 17.2508 12.2709 17.6655L19.2492 25.6405C19.4383 25.857 19.7121 25.9811 19.9998 25.9811C20.2875 25.9811 20.5609 25.857 20.7504 25.6405L27.7284 17.6659Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1407\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 1 -1 0 39.9375 0.0625)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1927\" class=\"elementor-element elementor-element-c00274a e-con-full e-flex e-con e-child\" data-id=\"c00274a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1927\" class=\"elementor-element elementor-element-3f96da3 e-flex e-con-boxed e-con e-child\" data-id=\"3f96da3\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-860ef60 elementor-widget elementor-widget-text-editor\" data-id=\"860ef60\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW195940958 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW195940958 BCX0\">Organizations can reduce the cost of data breach by investing in detection and response\u00a0<\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW195940958 BCX0\">capabilities<\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW195940958 BCX0\">,<\/span><span class=\"NormalTextRun SCXW195940958 BCX0\">\u00a0shorter detection times correlate with significantly lower breach costs. Other cost-reduction factors include deploying encryption, adopting Zero Trust architectures,\u00a0<\/span><span class=\"NormalTextRun SCXW195940958 BCX0\">establishing<\/span><span class=\"NormalTextRun SCXW195940958 BCX0\"> formal incident response teams, conducting employee training, and engaging cyber insurance. IBM&#8217;s research consistently shows that organizations with mature security practices experience breach costs well below the industry average.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1928\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"9\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1928\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> 9. Can I sue Change Healthcare for data breach? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1402)\"><path d=\"M39.9375 19.9998C39.9375 31.0111 31.0111 39.9375 19.9998 39.9375C8.98853 39.9375 0.0617981 31.0111 0.0617981 19.9998C0.0617981 8.98853 8.98853 0.0617981 19.9998 0.0617981C31.006 0.0742111 39.9251 8.99328 39.9375 19.9998ZM2.05582 19.9998C2.05582 29.9101 10.0896 37.9438 19.9998 37.9438C29.9101 37.9438 37.9438 29.9101 37.9438 19.9998C37.9438 10.0896 29.9101 2.05582 19.9998 2.05582C10.0943 2.06714 2.06714 10.0943 2.05582 19.9998Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 22.3341C28.0909 22.7489 28.0485 23.3786 27.6342 23.7411C27.2195 24.1033 26.5897 24.0609 26.2272 23.6466L19.9998 16.5291L13.772 23.6469C13.4095 24.0617 12.7798 24.1036 12.3654 23.7415C11.9507 23.379 11.9083 22.7492 12.2709 22.3345L19.2492 14.3595C19.4383 14.143 19.7121 14.0189 19.9998 14.0189C20.2875 14.0189 20.5609 14.143 20.7504 14.3595L27.7284 22.3341Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1402\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 -1 -1 0 39.9375 39.9375)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1407)\"><path d=\"M39.9375 20.0002C39.9375 8.98887 31.0111 0.0625 19.9998 0.0625C8.98853 0.0625 0.0617981 8.98887 0.0617981 20.0002C0.0617981 31.0115 8.98853 39.9382 19.9998 39.9382C31.006 39.9258 39.9251 31.0067 39.9375 20.0002ZM2.05582 20.0002C2.05582 10.0899 10.0896 2.05616 19.9998 2.05616C29.9101 2.05616 37.9438 10.0899 37.9438 20.0002C37.9438 29.9104 29.9101 37.9442 19.9998 37.9442C10.0943 37.9329 2.06714 29.9057 2.05582 20.0002Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 17.6659C28.0909 17.2511 28.0485 16.6214 27.6342 16.2589C27.2195 15.8967 26.5897 15.9391 26.2272 16.3534L19.9998 23.4709L13.772 16.3531C13.4095 15.9383 12.7798 15.8964 12.3654 16.2585C11.9507 16.621 11.9083 17.2508 12.2709 17.6655L19.2492 25.6405C19.4383 25.857 19.7121 25.9811 19.9998 25.9811C20.2875 25.9811 20.5609 25.857 20.7504 25.6405L27.7284 17.6659Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1407\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 1 -1 0 39.9375 0.0625)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1928\" class=\"elementor-element elementor-element-dc55eee e-con-full e-flex e-con e-child\" data-id=\"dc55eee\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1928\" class=\"elementor-element elementor-element-86328e4 e-flex e-con-boxed e-con e-child\" data-id=\"86328e4\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-9097ca5 elementor-widget elementor-widget-text-editor\" data-id=\"9097ca5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW259203508 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW259203508 BCX0\">Yes. Following the <a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/change-healthcare-cybersecurity-incident-frequently-asked-questions\/index.html\" target=\"_blank\" rel=\"noopener nofollow\">2024 Change Healthcare ransomware attack<\/a>,\u00a0<\/span><span class=\"NormalTextRun SCXW259203508 BCX0\">numerous<\/span><span class=\"NormalTextRun SCXW259203508 BCX0\">\u00a0class action lawsuits were filed against Change Healthcare and its parent company, UnitedHealth Group, by affected individuals and healthcare providers. Plaintiffs may seek damages for negligence, breach of contract, and violations of state data protection laws. Individuals who believe their data was exposed should consult a licensed attorney for guidance specific to their\u00a0<\/span><span class=\"NormalTextRun SCXW259203508 BCX0\">jurisdiction<\/span><span class=\"NormalTextRun SCXW259203508 BCX0\"> and circumstances.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1929\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"10\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1929\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> 10. How common are data breaches? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1402)\"><path d=\"M39.9375 19.9998C39.9375 31.0111 31.0111 39.9375 19.9998 39.9375C8.98853 39.9375 0.0617981 31.0111 0.0617981 19.9998C0.0617981 8.98853 8.98853 0.0617981 19.9998 0.0617981C31.006 0.0742111 39.9251 8.99328 39.9375 19.9998ZM2.05582 19.9998C2.05582 29.9101 10.0896 37.9438 19.9998 37.9438C29.9101 37.9438 37.9438 29.9101 37.9438 19.9998C37.9438 10.0896 29.9101 2.05582 19.9998 2.05582C10.0943 2.06714 2.06714 10.0943 2.05582 19.9998Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 22.3341C28.0909 22.7489 28.0485 23.3786 27.6342 23.7411C27.2195 24.1033 26.5897 24.0609 26.2272 23.6466L19.9998 16.5291L13.772 23.6469C13.4095 24.0617 12.7798 24.1036 12.3654 23.7415C11.9507 23.379 11.9083 22.7492 12.2709 22.3345L19.2492 14.3595C19.4383 14.143 19.7121 14.0189 19.9998 14.0189C20.2875 14.0189 20.5609 14.143 20.7504 14.3595L27.7284 22.3341Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1402\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 -1 -1 0 39.9375 39.9375)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1407)\"><path d=\"M39.9375 20.0002C39.9375 8.98887 31.0111 0.0625 19.9998 0.0625C8.98853 0.0625 0.0617981 8.98887 0.0617981 20.0002C0.0617981 31.0115 8.98853 39.9382 19.9998 39.9382C31.006 39.9258 39.9251 31.0067 39.9375 20.0002ZM2.05582 20.0002C2.05582 10.0899 10.0896 2.05616 19.9998 2.05616C29.9101 2.05616 37.9438 10.0899 37.9438 20.0002C37.9438 29.9104 29.9101 37.9442 19.9998 37.9442C10.0943 37.9329 2.06714 29.9057 2.05582 20.0002Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 17.6659C28.0909 17.2511 28.0485 16.6214 27.6342 16.2589C27.2195 15.8967 26.5897 15.9391 26.2272 16.3534L19.9998 23.4709L13.772 16.3531C13.4095 15.9383 12.7798 15.8964 12.3654 16.2585C11.9507 16.621 11.9083 17.2508 12.2709 17.6655L19.2492 25.6405C19.4383 25.857 19.7121 25.9811 19.9998 25.9811C20.2875 25.9811 20.5609 25.857 20.7504 25.6405L27.7284 17.6659Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1407\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 1 -1 0 39.9375 0.0625)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1929\" class=\"elementor-element elementor-element-9d71543 e-con-full e-flex e-con e-child\" data-id=\"9d71543\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1929\" class=\"elementor-element elementor-element-a5bfbfb e-flex e-con-boxed e-con e-child\" data-id=\"a5bfbfb\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e8ef0cc elementor-widget elementor-widget-text-editor\" data-id=\"e8ef0cc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW179704367 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW179704367 BCX0\">Healthcare data breaches are extremely common. The HHS OCR breach portal<\/span><span class=\"NormalTextRun SCXW179704367 BCX0\">,\u00a0<\/span><span class=\"NormalTextRun SCXW179704367 BCX0\">sometimes called the &#8220;Wall of Shame&#8221;<\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW179704367 BCX0\">\u00a0lists<\/span><span class=\"NormalTextRun SCXW179704367 BCX0\">\u00a0hundreds of breaches affecting 500 or more individuals each year. In 2023 alone, over 725 large healthcare data breaches were reported in the U.S., affecting more than 133 million individuals. Small breaches affecting fewer than 500 individuals are reported separately and collectively\u00a0<\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW179704367 BCX0\">number<\/span><span class=\"NormalTextRun SCXW179704367 BCX0\"> in the thousands annually.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-19210\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"11\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-19210\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> 11. What insurance companies are affected by the Change Healthcare breach? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1402)\"><path d=\"M39.9375 19.9998C39.9375 31.0111 31.0111 39.9375 19.9998 39.9375C8.98853 39.9375 0.0617981 31.0111 0.0617981 19.9998C0.0617981 8.98853 8.98853 0.0617981 19.9998 0.0617981C31.006 0.0742111 39.9251 8.99328 39.9375 19.9998ZM2.05582 19.9998C2.05582 29.9101 10.0896 37.9438 19.9998 37.9438C29.9101 37.9438 37.9438 29.9101 37.9438 19.9998C37.9438 10.0896 29.9101 2.05582 19.9998 2.05582C10.0943 2.06714 2.06714 10.0943 2.05582 19.9998Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 22.3341C28.0909 22.7489 28.0485 23.3786 27.6342 23.7411C27.2195 24.1033 26.5897 24.0609 26.2272 23.6466L19.9998 16.5291L13.772 23.6469C13.4095 24.0617 12.7798 24.1036 12.3654 23.7415C11.9507 23.379 11.9083 22.7492 12.2709 22.3345L19.2492 14.3595C19.4383 14.143 19.7121 14.0189 19.9998 14.0189C20.2875 14.0189 20.5609 14.143 20.7504 14.3595L27.7284 22.3341Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1402\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 -1 -1 0 39.9375 39.9375)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1407)\"><path d=\"M39.9375 20.0002C39.9375 8.98887 31.0111 0.0625 19.9998 0.0625C8.98853 0.0625 0.0617981 8.98887 0.0617981 20.0002C0.0617981 31.0115 8.98853 39.9382 19.9998 39.9382C31.006 39.9258 39.9251 31.0067 39.9375 20.0002ZM2.05582 20.0002C2.05582 10.0899 10.0896 2.05616 19.9998 2.05616C29.9101 2.05616 37.9438 10.0899 37.9438 20.0002C37.9438 29.9104 29.9101 37.9442 19.9998 37.9442C10.0943 37.9329 2.06714 29.9057 2.05582 20.0002Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 17.6659C28.0909 17.2511 28.0485 16.6214 27.6342 16.2589C27.2195 15.8967 26.5897 15.9391 26.2272 16.3534L19.9998 23.4709L13.772 16.3531C13.4095 15.9383 12.7798 15.8964 12.3654 16.2585C11.9507 16.621 11.9083 17.2508 12.2709 17.6655L19.2492 25.6405C19.4383 25.857 19.7121 25.9811 19.9998 25.9811C20.2875 25.9811 20.5609 25.857 20.7504 25.6405L27.7284 17.6659Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1407\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 1 -1 0 39.9375 0.0625)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-19210\" class=\"elementor-element elementor-element-adfc065 e-con-full e-flex e-con e-child\" data-id=\"adfc065\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-19210\" class=\"elementor-element elementor-element-5d80571 e-flex e-con-boxed e-con e-child\" data-id=\"5d80571\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-531a493 elementor-widget elementor-widget-text-editor\" data-id=\"531a493\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW51863598 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW51863598 BCX0\">The 2024 Change Healthcare breach affected a vast swath of the U.S. health insurance ecosystem, as Change Healthcare processes an estimated one in three U.S. medical claims. Insurers and pharmacy benefit plans\u00a0<\/span><span class=\"NormalTextRun SCXW51863598 BCX0\">impacted<\/span><span class=\"NormalTextRun SCXW51863598 BCX0\">\u00a0included those affiliated with UnitedHealthcare, as well as many regional and national payers whose claims were processed through Change Healthcare&#8217;s platform. Patients, pharmacies, and providers across\u00a0<\/span><span class=\"NormalTextRun SCXW51863598 BCX0\">virtually all<\/span><span class=\"NormalTextRun SCXW51863598 BCX0\"> major health insurance plans experienced disruptions.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-19211\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"12\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-19211\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> 12. Who investigates a potential information breach? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1402)\"><path d=\"M39.9375 19.9998C39.9375 31.0111 31.0111 39.9375 19.9998 39.9375C8.98853 39.9375 0.0617981 31.0111 0.0617981 19.9998C0.0617981 8.98853 8.98853 0.0617981 19.9998 0.0617981C31.006 0.0742111 39.9251 8.99328 39.9375 19.9998ZM2.05582 19.9998C2.05582 29.9101 10.0896 37.9438 19.9998 37.9438C29.9101 37.9438 37.9438 29.9101 37.9438 19.9998C37.9438 10.0896 29.9101 2.05582 19.9998 2.05582C10.0943 2.06714 2.06714 10.0943 2.05582 19.9998Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 22.3341C28.0909 22.7489 28.0485 23.3786 27.6342 23.7411C27.2195 24.1033 26.5897 24.0609 26.2272 23.6466L19.9998 16.5291L13.772 23.6469C13.4095 24.0617 12.7798 24.1036 12.3654 23.7415C11.9507 23.379 11.9083 22.7492 12.2709 22.3345L19.2492 14.3595C19.4383 14.143 19.7121 14.0189 19.9998 14.0189C20.2875 14.0189 20.5609 14.143 20.7504 14.3595L27.7284 22.3341Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1402\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 -1 -1 0 39.9375 39.9375)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1407)\"><path d=\"M39.9375 20.0002C39.9375 8.98887 31.0111 0.0625 19.9998 0.0625C8.98853 0.0625 0.0617981 8.98887 0.0617981 20.0002C0.0617981 31.0115 8.98853 39.9382 19.9998 39.9382C31.006 39.9258 39.9251 31.0067 39.9375 20.0002ZM2.05582 20.0002C2.05582 10.0899 10.0896 2.05616 19.9998 2.05616C29.9101 2.05616 37.9438 10.0899 37.9438 20.0002C37.9438 29.9104 29.9101 37.9442 19.9998 37.9442C10.0943 37.9329 2.06714 29.9057 2.05582 20.0002Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 17.6659C28.0909 17.2511 28.0485 16.6214 27.6342 16.2589C27.2195 15.8967 26.5897 15.9391 26.2272 16.3534L19.9998 23.4709L13.772 16.3531C13.4095 15.9383 12.7798 15.8964 12.3654 16.2585C11.9507 16.621 11.9083 17.2508 12.2709 17.6655L19.2492 25.6405C19.4383 25.857 19.7121 25.9811 19.9998 25.9811C20.2875 25.9811 20.5609 25.857 20.7504 25.6405L27.7284 17.6659Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1407\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 1 -1 0 39.9375 0.0625)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-19211\" class=\"elementor-element elementor-element-3fadd7d e-con-full e-flex e-con e-child\" data-id=\"3fadd7d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-19211\" class=\"elementor-element elementor-element-3a79b5d e-flex e-con-boxed e-con e-child\" data-id=\"3a79b5d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-afbf81b elementor-widget elementor-widget-text-editor\" data-id=\"afbf81b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW18695368 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW18695368 BCX0\">Healthcare data breaches are investigated at multiple levels. The HHS Office for Civil Rights (OCR) investigates potential HIPAA violations. The FBI and CISA (Cybersecurity and Infrastructure Security Agency) may investigate criminal cyberattacks. State attorneys general can investigate breaches involving their residents. Internally, organizations typically engage their IT security teams, legal counsel, and often third-party forensic investigators to conduct root cause analysis.<\/span><\/span><span class=\"EOP Selected SCXW18695368 BCX0\" data-ccp-props=\"{&quot;335559739&quot;:100}\">\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-19212\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"13\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-19212\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> 13. Where can you find information about healthcare database threats? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1402)\"><path d=\"M39.9375 19.9998C39.9375 31.0111 31.0111 39.9375 19.9998 39.9375C8.98853 39.9375 0.0617981 31.0111 0.0617981 19.9998C0.0617981 8.98853 8.98853 0.0617981 19.9998 0.0617981C31.006 0.0742111 39.9251 8.99328 39.9375 19.9998ZM2.05582 19.9998C2.05582 29.9101 10.0896 37.9438 19.9998 37.9438C29.9101 37.9438 37.9438 29.9101 37.9438 19.9998C37.9438 10.0896 29.9101 2.05582 19.9998 2.05582C10.0943 2.06714 2.06714 10.0943 2.05582 19.9998Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 22.3341C28.0909 22.7489 28.0485 23.3786 27.6342 23.7411C27.2195 24.1033 26.5897 24.0609 26.2272 23.6466L19.9998 16.5291L13.772 23.6469C13.4095 24.0617 12.7798 24.1036 12.3654 23.7415C11.9507 23.379 11.9083 22.7492 12.2709 22.3345L19.2492 14.3595C19.4383 14.143 19.7121 14.0189 19.9998 14.0189C20.2875 14.0189 20.5609 14.143 20.7504 14.3595L27.7284 22.3341Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1402\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 -1 -1 0 39.9375 39.9375)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1407)\"><path d=\"M39.9375 20.0002C39.9375 8.98887 31.0111 0.0625 19.9998 0.0625C8.98853 0.0625 0.0617981 8.98887 0.0617981 20.0002C0.0617981 31.0115 8.98853 39.9382 19.9998 39.9382C31.006 39.9258 39.9251 31.0067 39.9375 20.0002ZM2.05582 20.0002C2.05582 10.0899 10.0896 2.05616 19.9998 2.05616C29.9101 2.05616 37.9438 10.0899 37.9438 20.0002C37.9438 29.9104 29.9101 37.9442 19.9998 37.9442C10.0943 37.9329 2.06714 29.9057 2.05582 20.0002Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 17.6659C28.0909 17.2511 28.0485 16.6214 27.6342 16.2589C27.2195 15.8967 26.5897 15.9391 26.2272 16.3534L19.9998 23.4709L13.772 16.3531C13.4095 15.9383 12.7798 15.8964 12.3654 16.2585C11.9507 16.621 11.9083 17.2508 12.2709 17.6655L19.2492 25.6405C19.4383 25.857 19.7121 25.9811 19.9998 25.9811C20.2875 25.9811 20.5609 25.857 20.7504 25.6405L27.7284 17.6659Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1407\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 1 -1 0 39.9375 0.0625)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-19212\" class=\"elementor-element elementor-element-e89733c e-con-full e-flex e-con e-child\" data-id=\"e89733c\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-19212\" class=\"elementor-element elementor-element-779fbdd e-flex e-con-boxed e-con e-child\" data-id=\"779fbdd\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c92c126 elementor-widget elementor-widget-text-editor\" data-id=\"c92c126\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW174709234 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW174709234 BCX0\">Key resources for healthcare database threat intelligence include the HHS OCR breach portal, the\u00a0<\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW174709234 BCX0\">Health<\/span><span class=\"NormalTextRun SCXW174709234 BCX0\">-ISAC (Health Information Sharing and Analysis Center), CISA advisories, the FBI&#8217;s Internet Crime Complaint Center (IC3), peer-reviewed cybersecurity publications, and threat intelligence platforms purpose-built for the healthcare sector. Annual reports from IBM Security, Verizon, and industry-specific cybersecurity vendors also provide valuable data on healthcare threat trends.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-19213\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"14\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-19213\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> 14. How frequent are healthcare organizations targeted for cyberattacks? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1402)\"><path d=\"M39.9375 19.9998C39.9375 31.0111 31.0111 39.9375 19.9998 39.9375C8.98853 39.9375 0.0617981 31.0111 0.0617981 19.9998C0.0617981 8.98853 8.98853 0.0617981 19.9998 0.0617981C31.006 0.0742111 39.9251 8.99328 39.9375 19.9998ZM2.05582 19.9998C2.05582 29.9101 10.0896 37.9438 19.9998 37.9438C29.9101 37.9438 37.9438 29.9101 37.9438 19.9998C37.9438 10.0896 29.9101 2.05582 19.9998 2.05582C10.0943 2.06714 2.06714 10.0943 2.05582 19.9998Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 22.3341C28.0909 22.7489 28.0485 23.3786 27.6342 23.7411C27.2195 24.1033 26.5897 24.0609 26.2272 23.6466L19.9998 16.5291L13.772 23.6469C13.4095 24.0617 12.7798 24.1036 12.3654 23.7415C11.9507 23.379 11.9083 22.7492 12.2709 22.3345L19.2492 14.3595C19.4383 14.143 19.7121 14.0189 19.9998 14.0189C20.2875 14.0189 20.5609 14.143 20.7504 14.3595L27.7284 22.3341Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1402\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 -1 -1 0 39.9375 39.9375)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"40\" height=\"40\" viewBox=\"0 0 40 40\" fill=\"none\"><g clip-path=\"url(#clip0_726_1407)\"><path d=\"M39.9375 20.0002C39.9375 8.98887 31.0111 0.0625 19.9998 0.0625C8.98853 0.0625 0.0617981 8.98887 0.0617981 20.0002C0.0617981 31.0115 8.98853 39.9382 19.9998 39.9382C31.006 39.9258 39.9251 31.0067 39.9375 20.0002ZM2.05582 20.0002C2.05582 10.0899 10.0896 2.05616 19.9998 2.05616C29.9101 2.05616 37.9438 10.0899 37.9438 20.0002C37.9438 29.9104 29.9101 37.9442 19.9998 37.9442C10.0943 37.9329 2.06714 29.9057 2.05582 20.0002Z\" fill=\"#001D3B\"><\/path><path d=\"M27.7284 17.6659C28.0909 17.2511 28.0485 16.6214 27.6342 16.2589C27.2195 15.8967 26.5897 15.9391 26.2272 16.3534L19.9998 23.4709L13.772 16.3531C13.4095 15.9383 12.7798 15.8964 12.3654 16.2585C11.9507 16.621 11.9083 17.2508 12.2709 17.6655L19.2492 25.6405C19.4383 25.857 19.7121 25.9811 19.9998 25.9811C20.2875 25.9811 20.5609 25.857 20.7504 25.6405L27.7284 17.6659Z\" fill=\"#001D3B\"><\/path><\/g><defs><clipPath id=\"clip0_726_1407\"><rect width=\"39.8756\" height=\"39.8756\" fill=\"white\" transform=\"matrix(0 1 -1 0 39.9375 0.0625)\"><\/rect><\/clipPath><\/defs><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-19213\" class=\"elementor-element elementor-element-daa4095 e-con-full e-flex e-con e-child\" data-id=\"daa4095\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-19213\" class=\"elementor-element elementor-element-36d501a e-flex e-con-boxed e-con e-child\" data-id=\"36d501a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-69ce041 elementor-widget elementor-widget-text-editor\" data-id=\"69ce041\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW93499181 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW93499181 BCX0\">Healthcare organizations are targeted at\u00a0<\/span><span class=\"NormalTextRun SCXW93499181 BCX0\">a very high<\/span><span class=\"NormalTextRun SCXW93499181 BCX0\">\u00a0frequency. The sector has ranked among the top three most-attacked industries for over a decade. Ransomware attacks on hospitals and health systems occur multiple times per\u00a0<\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW93499181 BCX0\">week globally<\/span><span class=\"NormalTextRun SCXW93499181 BCX0\">. According to various industry reports, over 60% of healthcare organizations experienced a significant security incident in any given year. The combination of valuable data, critical operational dependencies, and historically under-resourced security makes healthcare organizations perennial\u00a0<\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW93499181 BCX0\">targets for<\/span><span class=\"NormalTextRun SCXW93499181 BCX0\"> threat actors.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<script type=\"application\/ld+json\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@type\":\"FAQPage\",\"mainEntity\":[{\"@type\":\"Question\",\"name\":\"1. What is a breach in healthcare?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"A breach in healthcare refers to any unauthorized access, use, disclosure, modification, or destruction of protected health information (PHI). Under HIPAA, a breach is presumed to have occurred whenever unsecured PHI is impermissibly accessed unless the covered entity or business associate can\\u00a0demonstrate\\u00a0a low probability that the data was compromised based on a four-factor risk assessment.\\u00a0\"}},{\"@type\":\"Question\",\"name\":\"2. Which is not a common cause of a breach?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Routine system backups, scheduled software maintenance, and authorized data audits by compliance officers are not common\\u00a0breach\\u00a0causes. In contrast, phishing attacks, ransomware, unauthorized employee access, lost or stolen devices, and third-party vendor vulnerabilities are among the most\\u00a0frequently\\u00a0documented causes of healthcare data breaches.\\u00a0\"}},{\"@type\":\"Question\",\"name\":\"3. How to prevent data breaches in healthcare?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Effective healthcare data breach prevention requires a multi-layered approach: deploying encryption and MFA, implementing role-based access controls, conducting regular staff security training,\\u00a0maintaining\\u00a0up-to-date patch management, adopting a Zero Trust security architecture, and\\u00a0establishing\\u00a0robust incident response capabilities.\\u00a0Regular HIPAA risk assessments are also legally required and help identify gaps before they are exploited.\"}},{\"@type\":\"Question\",\"name\":\"4. What is a HIPAA breach?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"A HIPAA breach is defined as the acquisition, access, use, or disclosure of PHI in a manner not\\u00a0permitted\\u00a0under the HIPAA Privacy Rule that compromises the security or privacy of the information. When a HIPAA breach of unsecured PHI affecting 500 or more individuals occurs, covered entities must notify affected individuals, the HHS Secretary, and prominent media outlets in the affected state or\\u00a0jurisdiction\\u00a0within\\u00a060-days.\"}},{\"@type\":\"Question\",\"name\":\"5. Which of the following are common causes of breaches HIPAA?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The most common causes of HIPAA breaches include hacking and IT incidents (the largest category by volume of records exposed), unauthorized access or disclosure, theft of devices\\u00a0containing\\u00a0PHI, loss of unencrypted devices, and improper disposal of records. Phishing, ransomware, and employee insider access violations are\\u00a0frequently\\u00a0cited in HIPAA\\u00a0breach reports filed with the HHS Office for Civil Rights.\"}},{\"@type\":\"Question\",\"name\":\"6. Where do you report HIPAA violations?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"HIPAA violations should be reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), which enforces the HIPAA Privacy and Security Rules. Complaints can be filed at the HHS OCR website (hhs.gov\\\/ocr). Covered entities and business associates\\u00a0are required to\\u00a0self-report breaches to HHS OCR within\\u00a060 days of discovering a breach affecting 500 or more individuals.\"}},{\"@type\":\"Question\",\"name\":\"7. How many data breaches occurred in the US in 2021?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"According to the Identity Theft Resource Center&#8217;s 2021 Annual Data Breach Report, there were a record 1,862 data breaches in the United States in 2021,\\u00a0a 68% increase compared to 2020 and surpassing the prior record set in 2017. The healthcare sector was consistently among the most affected industries, accounting for a substantial share of total breaches and records exposed.\"}},{\"@type\":\"Question\",\"name\":\"8. How to reduce healthcare data breach costs?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Organizations can reduce the cost of data breach by investing in detection and response\\u00a0capabilities,\\u00a0shorter detection times correlate with significantly lower breach costs. Other cost-reduction factors include deploying encryption, adopting Zero Trust architectures,\\u00a0establishing formal incident response teams, conducting employee training, and engaging cyber insurance. IBM&#8217;s research consistently shows that organizations with mature security practices experience breach costs well below the industry average.\"}},{\"@type\":\"Question\",\"name\":\"9. Can I sue Change Healthcare for data breach?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes. Following the 2024 Change Healthcare ransomware attack,\\u00a0numerous\\u00a0class action lawsuits were filed against Change Healthcare and its parent company, UnitedHealth Group, by affected individuals and healthcare providers. Plaintiffs may seek damages for negligence, breach of contract, and violations of state data protection laws. Individuals who believe their data was exposed should consult a licensed attorney for guidance specific to their\\u00a0jurisdiction and circumstances.\"}},{\"@type\":\"Question\",\"name\":\"10. How common are data breaches?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Healthcare data breaches are extremely common. The HHS OCR breach portal,\\u00a0sometimes called the &#8220;Wall of Shame&#8221;\\u00a0lists\\u00a0hundreds of breaches affecting 500 or more individuals each year. In 2023 alone, over 725 large healthcare data breaches were reported in the U.S., affecting more than 133 million individuals. Small breaches affecting fewer than 500 individuals are reported separately and collectively\\u00a0number in the thousands annually.\"}},{\"@type\":\"Question\",\"name\":\"11. What insurance companies are affected by the Change Healthcare breach?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The 2024 Change Healthcare breach affected a vast swath of the U.S. health insurance ecosystem, as Change Healthcare processes an estimated one in three U.S. medical claims. Insurers and pharmacy benefit plans\\u00a0impacted\\u00a0included those affiliated with UnitedHealthcare, as well as many regional and national payers whose claims were processed through Change Healthcare&#8217;s platform. Patients, pharmacies, and providers across\\u00a0virtually all major health insurance plans experienced disruptions.\"}},{\"@type\":\"Question\",\"name\":\"12. Who investigates a potential information breach?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Healthcare data breaches are investigated at multiple levels. The HHS Office for Civil Rights (OCR) investigates potential HIPAA violations. The FBI and CISA (Cybersecurity and Infrastructure Security Agency) may investigate criminal cyberattacks. State attorneys general can investigate breaches involving their residents. Internally, organizations typically engage their IT security teams, legal counsel, and often third-party forensic investigators to conduct root cause analysis.\\u00a0\"}},{\"@type\":\"Question\",\"name\":\"13. Where can you find information about healthcare database threats?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Key resources for healthcare database threat intelligence include the HHS OCR breach portal, the\\u00a0Health-ISAC (Health Information Sharing and Analysis Center), CISA advisories, the FBI&#8217;s Internet Crime Complaint Center (IC3), peer-reviewed cybersecurity publications, and threat intelligence platforms purpose-built for the healthcare sector. Annual reports from IBM Security, Verizon, and industry-specific cybersecurity vendors also provide valuable data on healthcare threat trends.\"}},{\"@type\":\"Question\",\"name\":\"14. How frequent are healthcare organizations targeted for cyberattacks?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Healthcare organizations are targeted at\\u00a0a very high\\u00a0frequency. The sector has ranked among the top three most-attacked industries for over a decade. Ransomware attacks on hospitals and health systems occur multiple times per\\u00a0week globally. According to various industry reports, over 60% of healthcare organizations experienced a significant security incident in any given year. The combination of valuable data, critical operational dependencies, and historically under-resourced security makes healthcare organizations perennial\\u00a0targets for threat actors.\"}}]}<\/script>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>What is Healthcare Data Breaches? A healthcare data breach is any unauthorized access, acquisition, use, discl [&hellip;]<\/p>\n","protected":false},"featured_media":15152,"template":"","class_list":["post-15150","glossary","type-glossary","status-publish","has-post-thumbnail","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.netwitness.com\/ja\/wp-json\/wp\/v2\/glossary\/15150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.netwitness.com\/ja\/wp-json\/wp\/v2\/glossary"}],"about":[{"href":"https:\/\/www.netwitness.com\/ja\/wp-json\/wp\/v2\/types\/glossary"}],"version-history":[{"count":0,"href":"https:\/\/www.netwitness.com\/ja\/wp-json\/wp\/v2\/glossary\/15150\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.netwitness.com\/ja\/wp-json\/wp\/v2\/media\/15152"}],"wp:attachment":[{"href":"https:\/\/www.netwitness.com\/ja\/wp-json\/wp\/v2\/media?parent=15150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}