The article was originally presented as a Boardroom Brief Newsletter.
Increasingly frequent data breach attacks on hospitals are imposing new obligations on hospital leaders. While general cybersecurity threats are significant, hospital CEOs and directors would be well-advised to implement additional oversight measures focused on data breaches. Hospital leaders already face numerous concerns about hospital operations, solvency, regulatory compliance, and accelerated industry changes. However, frequent and severe data breaches now require a sharper focus on this critical issue.
The HHS Office of Civil Rights (OCR) maintains an inventory of data breaches disclosed by healthcare providers. From January 2024 to August 31, 2024, there were 435 reported data breaches, averaging 1.8 breaches per day. This alarming statistic underscores the pervasive nature of the threat. Notable 2024 incidents have involved major healthcare entities such as Change Health Care (United Health Group) and Ascension health systems, highlighting the issue’s urgency.