HIPAA Tip: Verizon Data Breach Investigations Report

Verizon’s 2024 Data Breach Investigations Report (DBIR) aims to shine light on the various threat actor types, the tactics they utilize and the targets they choose. From year to year they see new and innovative attacks as well as variations on tried-and-true attacks that still remain successful.

The shifting landscape of cyber threats can be confusing and overwhelming. Unfortunately, factors that remain constant are weak or poorly protected passwords, and the human element (insufficient training, non-malicious errors).

Some key highlights:

· About one-third of all breaches involved ransomware or some other extortion technique.

· Attacks involving the exploitation of vulnerabilities was a critical path to initiate a breach; this almost tripled from the past year.

· 68% of breaches involved a human element.

· The median time for users to fall for a phishing email is less than 60 seconds.

· Relevant attack techniques: basic web application attacks, denial of service (DoS), lost and stolen assets, privilege misuse, social engineering, system intrusion.

· Insiders deliberately causing breaches has surged back into second place in the healthcare industry. Personal data seems to be more desirable at the moment for threat actors.

For more information and to view the complete DBIR report:

2024 Verizon Data Breach Investigations Report.

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.


Dawn Meglino

HIPAA Compliance Specialist, CHPSE, CCSA, CCAP