HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Data breaches in Washington state reach record high

Written by Abby Grifno | Nov 28, 2024 6:06:54 PM

The state’s Attorney General has released a new report on the state of cybersecurity in Washington. 

 

What happened

The Washington Attorney General, Bob Ferguson, released its annual report on data breaches in the state on November 26th, 2024. Nine years ago, the office started officially tracking the number of residents who are impacted by breaches. 

The report revealed that just over 11.6 million data breach notices went out to Washingtonians between July 24th, 2023, and July 23rd, 2024. The number broke the previous record held in 2021. Last year, only 4.8 million breaches were reported to impact a significant number of Washingtonians. 

 

Going deeper

The most common type of breach was linked to ransomware attacks, which represented approximately 78% of the attacks. 

Notably, only attacks impacting at least 500 Washingtonians were included in the report; if the breach impacted less than 500, it did not need to be reported to the Attorney General. 

According to the report, 194 breaches caused a Washingtonian’s Social Security number to be breached, which makes individuals more susceptible to fraud. 

“The more people know about data breaches, the more they can protect themselves…This report offers recommendations for responding to a growing problem and continues to be a resource for Washingtonians looking for ways to protect their personal information,” said Ferguson. 

 

What’s next

The report included recommendations for future steps. Back in 2023, Furguson also partnered with Rep. Vandana Slatter (D) to propose the My Health My Data Act, which aimed to give Washingtonians more control over their health data. 

The new recommendations include: 

  • Reducing the deadline to provide notice of a data breach to three days; 
  • Require notifications to be sent in languages other than English;
  • Expand the definition of “personal information” to include an individual’s full name in combination with other redacted information; 
  • Require businesses to recognize and honor opt-out requests for data sharing; 
  • Require transparency from data brokers and collectors;
  • Consulting with tribes on efforts to combat cyberattacks. 

 

The big picture

Reports like these can be helpful in understanding the impact of data breaches on states. Unfortunately, with so much data transported across states–and even countries–decreasing data breaches will likely require a concerted effort across multiple governing organizations. Nevertheless, state regulations can be a good start for preventing breaches in the long run. Often, healthcare organizations have to follow state rules because they operate, in some capacity, in these states. 

Read more: HIPAA Compliant Email: The Definitive Guide. 
View full post