In episode 359 of the Help Me With HIPAA podcast, Donna and David talk about the 6 Takeaways of the 2022 Verizon Data Breach Investigations Report. Listen to the podcast to hear all 6 takeaways, but the one that is really impressive, and not in a good way, is the one regarding ransomware.
The 2022 Verizon Data Breach Investigations Report (DBIR) analyzed 23,896 incidents. Donna doesn’t understand why they could not just find 4 more to make it an even 23,900, but I digress. Of the 23,896 incidents, 5,212 were confirmed to be data breaches. Remember, there is a big difference between an incident and a data breach. An incident needs to be investigated and may turn out to be just that, an incident and not a breach. Remind your staff not to assume an incident is a breach, and not to convey that to patients, clients or others, until the incident has been investigated.
So back to the not-so-good, impressive takeaway from this report… Ransomware made up one fourth of the 5,212 confirmed data breaches in this report. This is the real statistical slap in the face regarding ransomware. If you combined all the ransomware cases over the past 5 years, that total would be less than the total number for this one year. Yes, I would say that ransomware is something that everyone needs to worry about and have a plan in place to handle… prior to becoming a victim.
Take a look at the 2022 Verizon DBIR. You will surely find information that will keep you up at night. If you think I am joking, go listen as David explains what a “botnet” is and what it can do… it’s scary stuff.
There is also a really eye-opening “HIPAA SAY WHAT??” segment in the 6 Takeaways 2022 Verizon DBIR – Ep. 359. For those organizations that think training staff on HIPAA privacy and security topics once a year is enough, this should keep you up at night too. The HIPAA Privacy Rule and Security Rule say “periodic training.” Just know, periodic training does not mean “once a year!”