The Identity Theft Resource Center (ITRC) has published its report on data compromises in Q1, 2023, which shows a 13% reduction in data breaches and a 64% decrease in victims from the previous quarter. In Q1 there were 445 publicly reported data compromises and 89,140,686 confirmed victims. While a fall in data breaches and victim count is good news, both figures typically fall in the first quarter of the year. The 13% reduction is far less of a fall from the corresponding period last year when there was a 28.6% quarterly reduction in data breaches. The Q1, 2023 figures show a 10% increase in data compromises compared to 2022, and a 25.7% increase from Q1, 2021.

94% of victims of data compromises in Q1, 2023, came from data breaches in just 4 sectors – Manufacturing & Utilities, Technology, Healthcare, and Transportation. Healthcare was the worst affected sector for the third consecutive quarter with 81 compromises, followed by financial services with 70 compromises, others with 59 compromises, and manufacturing & utilities with 54 compromises. Two healthcare data breaches made the top 5 list for the quarter – The data compromise at Independent Living Systems (4,226,508 victims) and the breach at Regal Medical Group (3,300,638 victims).

84.9% of the data compromises were due to cyberattacks (378 incidents) and 19.1% were due to system and human errors (58 incidents). 48 of the data compromises were due to supply chain attacks, which affected 78 entities, and there were 54 confirmed ransomware attacks. There were 106 phishing attacks in Q1, which made phishing the most common attack vector.

There is a growing trend of withholding important information from data breach notifications to the point where some breach notifications have no actionable information about the root cause of the breach, which makes it hard for individuals to determine the level of risk that they face. The lack of information also makes it difficult to obtain meaningful statistics on the causes of data breaches.

“It is troubling to see the trend of a lack of actionable information in data breaches continue from 2022,” said Eva Velasquez, ITRC President and CEO. “Among the top ten breaches we saw in Q1, 60 percent did not include information about the root cause of the event, compared to 40 percent in Q4 2022. This means individuals and businesses remain at a higher risk of cyberattacks and data compromises.”

The post Breach Notifications Increasing Lack Actionable Information on Breach Cause appeared first on HIPAA Journal.