Sometimes a single cyberattack can impact hospitals across multiple states, as was the case when hackers targeted CommonSpirit Health in October 2022. Just one reported case of ransomware has allegedly led to the death of a patient. More often, patients' sensitive information is served up to a market of seedy individuals around the world ready to cash in on someone else's identity.

Drata analyzed Department of Health and Human Services data to determine which states felt the largest impacts due to health care data breaches in 2022. The total number of individuals affected by all health care data breaches in each state reported to HHS was normalized as a rate per 10,000 people. Data was not available for Alaska, Idaho, and Washington D.C.

The HITECH Act, signed into federal law in 2009, requires companies to report the breach of protected health information affecting 500 or more people to HHS. Around 38.5 million people in total were affected in some way by the incidents reported to HHS last year. Unfortunately, the data does not make it possible to know how many people may have been affected by more than one breach.

Health care institutions are among the most targeted businesses in the world, chiefly because they hold such sensitive information about the patients they serve. Hospitals, home health agencies, and other institutions store patients' phone numbers, Social Security numbers, addresses, and other things that would allow any would-be criminal to pose as a patient and open new credit cards or bank accounts in their name.

In fact, roughly 44% of all reported identity theft in 2022 resulted in a fraudulent credit card account being opened, according to Federal Trade Commission data. The agency received a record number of fraud reports in 2021, with the total fraud reports for 2022 coming in on par with 2020. The years 2020 and 2021 marked an important pivot in how consumers shared their personal information, with the adoption of digital banking and retail shopping driven to modern highs as a result of the COVID-19 pandemic.

In 2022, the FBI's Internet Crime Complaint Center received millions of complaints of cybercrime with losses totaling $10.3 billion. It can take time—even years—for personal information compromised in a data breach to be used for a crime that brings the event to the attention of the FBI.

But the pandemic also drove a rise in cyberattacks on hospitals and other health care businesses. And a good deal of that sensitive information begins its journey into nefarious hands when a hacker illegally accesses information at a health care institution.

Drata

Hacking and IT incidents dominate reasons sensitive information was breached at health care organizations in 2022

Sometimes an employee's oversight in crafting an email with the wrong link or attachment can allow unauthorized access to private information, as happened in Wisconsin's Department of Health and Human Services last year. However, the vast majority of data breaches at these companies happen through hacking and IT incidents.

Most often, hackers accomplish this with malware that locks up the data until the victim organization pays the attacker a ransom. The federal government recommends against paying ransoms because companies cannot guarantee that a copy of the data won't be sold to criminals anyway after the ransom is paid, and therefore paying is thought to encourage more of the behavior.

In the top five states where the largest portion of the population was impacted by data breaches at health care organizations last year, all most commonly saw data breaches resulting from hacking.

Sean Pavone // Shutterstock

48. Mississippi

- People affected per 10,000 residents: 0.4
- Breaches reported: 1
- Most common type of breach: Unauthorized Access/Disclosure

Dawid S Swierczek // Shutterstock

47. Iowa

- People affected per 10,000 residents: 0.5
- Breaches reported: 1
- Most common type of breach: Hacking/IT Incident

C Model // Shutterstock

46. Wyoming

- People affected per 10,000 residents: 2.8
- Breaches reported: 1
- Most common type of breach: Unauthorized Access/Disclosure

Sean Pavone // Shutterstock

45. Virginia

- People affected per 10,000 residents: 6.3
- Breaches reported: 20
- Most common type of breach: Hacking/IT Incident

Steven Frame // Shutterstock

44. South Dakota

- People affected per 10,000 residents: 7.4
- Breaches reported: 3
- Most common type of breach: Hacking/IT Incident

Andrey Bayda // Shutterstock

43. Nevada

- People affected per 10,000 residents: 8.1
- Breaches reported: 3
- Most common type of breach: Hacking/IT Incident

Joseph Sohm // Shutterstock

42. Maine

- People affected per 10,000 residents: 8.6
- Breaches reported: 1
- Most common type of breach: Hacking/IT Incident

Jacob Boomsma // Shutterstock

41. Nebraska

- People affected per 10,000 residents: 11.2
- Breaches reported: 6
- Most common type of breach: Hacking/IT Incident

Sean Pavone // Shutterstock

40. Connecticut

- People affected per 10,000 residents: 13.2
- Breaches reported: 7
- Most common type of breach: Hacking/IT Incident

IMG_191 // Shutterstock

39. Minnesota

- People affected per 10,000 residents: 13.3
- Breaches reported: 6
- Most common type of breach: Hacking/IT Incident

AevanStock // Shutterstock

38. Florida

- People affected per 10,000 residents: 13.7
- Breaches reported: 23
- Most common type of breach: Hacking/IT Incident

Susanne Pommer // Shutterstock

37. South Carolina

- People affected per 10,000 residents: 16.8
- Breaches reported: 5
- Most common type of breach: Hacking/IT Incident

Real Window Creative // Shutterstock

36. Maryland

- People affected per 10,000 residents: 17.1
- Breaches reported: 11
- Most common type of breach: Hacking/IT Incident

turtix // Shutterstock

35. New Mexico

- People affected per 10,000 residents: 21
- Breaches reported: 1
- Most common type of breach: Hacking/IT Incident

Real Window Creative // Shutterstock

34. Delaware

- People affected per 10,000 residents: 21.6
- Breaches reported: 3
- Most common type of breach: Hacking/IT Incident

Sean Pavone // Shutterstock

33. Rhode Island

- People affected per 10,000 residents: 22.7
- Breaches reported: 5
- Most common type of breach: Hacking/IT Incident

photo.ua // Shutterstock

32. Ohio

- People affected per 10,000 residents: 24.3
- Breaches reported: 20
- Most common type of breach: Hacking/IT Incident

Kamira // Shutterstock

31. New Jersey

- People affected per 10,000 residents: 29.1
- Breaches reported: 22
- Most common type of breach: Hacking/IT Incident

Brett Barnhill // Shutterstock

30. Georgia

- People affected per 10,000 residents: 29.3
- Breaches reported: 17
- Most common type of breach: Hacking/IT Incident

Eduardo Medrano // Shutterstock

29. Arkansas

- People affected per 10,000 residents: 29.4
- Breaches reported: 4
- Most common type of breach: Hacking/IT Incident

MNStudio // Shutterstock

28. Hawaii

- People affected per 10,000 residents: 40.9
- Breaches reported: 3
- Most common type of breach: Hacking/IT Incident

Canva

27. Utah

- People affected per 10,000 residents: 41.1
- Breaches reported: 4
- Most common type of breach: Hacking/IT Incident

Joe Hendrickson // Shutterstock

26. Missouri

- People affected per 10,000 residents: 44.5
- Breaches reported: 9
- Most common type of breach: Hacking/IT Incident

Canva

25. California

- People affected per 10,000 residents: 49.4
- Breaches reported: 31
- Most common type of breach: Hacking/IT Incident

Sean Pavone // Shutterstock

24. Alabama

- People affected per 10,000 residents: 59.5
- Breaches reported: 5
- Most common type of breach: Hacking/IT Incident

Jacob Boomsma // Shutterstock

23. Kansas

- People affected per 10,000 residents: 76.2
- Breaches reported: 8
- Most common type of breach: Hacking/IT Incident

Canva

22. New York

- People affected per 10,000 residents: 81.8
- Breaches reported: 43
- Most common type of breach: Hacking/IT Incident

CrackerClips Stock Media // Shutterstock

21. Tennessee

- People affected per 10,000 residents: 83.5
- Breaches reported: 11
- Most common type of breach: Hacking/IT Incident

Canva

20. Louisiana

- People affected per 10,000 residents: 87.4
- Breaches reported: 3
- Most common type of breach: Hacking/IT Incident

Derek Olson Photography // Shutterstock

19. North Carolina

- People affected per 10,000 residents: 87.9
- Breaches reported: 18
- Most common type of breach: Hacking/IT Incident

Erika J Mitchell // Shutterstock

18. Vermont

- People affected per 10,000 residents: 91.8
- Breaches reported: 1
- Most common type of breach: Hacking/IT Incident

Josemaria Toscano // Shutterstock

17. Oregon

- People affected per 10,000 residents: 94.5
- Breaches reported: 6
- Most common type of breach: Hacking/IT Incident

Canva

16. Oklahoma

- People affected per 10,000 residents: 97.8
- Breaches reported: 4
- Most common type of breach: Hacking/IT Incident

Wangkun Jia // Shutterstock

15. New Hampshire

- People affected per 10,000 residents: 116.8
- Breaches reported: 8
- Most common type of breach: Hacking/IT Incident

kan_khampanya// Shutterstock

14. Washington

- People affected per 10,000 residents: 136.6
- Breaches reported: 18
- Most common type of breach: Hacking/IT Incident

kintermedia // Shutterstock

13. Texas

- People affected per 10,000 residents: 139.7
- Breaches reported: 40
- Most common type of breach: Hacking/IT Incident

f11photo // Shutterstock

12. Kentucky

- People affected per 10,000 residents: 140.3
- Breaches reported: 3
- Most common type of breach: Hacking/IT Incident

marchello74 // Shutterstock

11. Illinois

- People affected per 10,000 residents: 188.5
- Breaches reported: 21
- Most common type of breach: Hacking/IT Incident

Jon Bilous // Shutterstock

10. Montana

- People affected per 10,000 residents: 196.1
- Breaches reported: 2
- Most common type of breach: Hacking/IT Incident

Gerald Bernard // Shutterstock

9. Michigan

- People affected per 10,000 residents: 208.6
- Breaches reported: 21
- Most common type of breach: Hacking/IT Incident

Gregory E. Clifford // Shutterstock

8. Arizona

- People affected per 10,000 residents: 213.2
- Breaches reported: 9
- Most common type of breach: Hacking/IT Incident

Real Window Creative // Shutterstock

7. Pennsylvania

- People affected per 10,000 residents: 232.8
- Breaches reported: 27
- Most common type of breach: Hacking/IT Incident

KYPhua // Shutterstock

6. Indiana

- People affected per 10,000 residents: 306.1
- Breaches reported: 14
- Most common type of breach: Hacking/IT Incident

lunamarina // Shutterstock

5. Massachusetts

- People affected per 10,000 residents: 335.5
- Breaches reported: 13
- Most common type of breach: Hacking/IT Incident

Studio 1One // Shutterstock

4. Colorado

- People affected per 10,000 residents: 395.8
- Breaches reported: 9
- Most common type of breach: Hacking/IT Incident

Jacob Boomsma // Shutterstock

3. North Dakota

- People affected per 10,000 residents: 655.2
- Breaches reported: 1
- Most common type of breach: Hacking/IT Incident

Canva

2. West Virginia

- People affected per 10,000 residents: 703.9
- Breaches reported: 7
- Most common type of breach: Hacking/IT Incident

Tony Savino // Shutterstock

1. Wisconsin

- People affected per 10,000 residents: 743.2
- Breaches reported: 9
- Most common type of breach: Hacking/IT Incident

Data reporting by Dom DiFurio. Story editing by Jeff Inglis. Copy editing by Tim Bruns. Photo selection by Elizabeth Ciano.

This story originally appeared on Drata and was produced and distributed in partnership with Stacker Studio.

Cases of the illnesses have been on the rise since 2000, including sexually transmitted infections among adults, as have congenital syphilis cases, which occur when mothers pass the disease to their unborn children. Cases reached a 70-year high in 2021, according to data from the Centers for Disease Control and Prevention.

Syphilis is typically treated with penicillin G benzathine, also known as Bicillin L-A, an injectable medication. It's the only treatment recommended for pregnant people with the disease.

Syphilis is caused by the bacteria Treponema pallidum and is primarily passed through contact with syphilitic sores. It can also be spread from a pregnant person to their unborn child.

The disease can resemble many other conditions and has multiple stages of infection. If left untreated, it can result in organ failure or death.

While any sexually active adult is at risk for the disease, certain communities, including gay and bisexual men, are considered at higher risk. When it comes to congenital syphilis, Black and Hispanic communities have faced increased rates of the disease.

Experts are unsure why syphilis cases have increased at higher rates than other sexually transmitted infections. Some theories include the disruption of STI prevention and treatment programs during the pandemic, along with the general stigma around STIs. Those theories, however, do not explain why syphilis rates is outpacing other infections.

The FDA said the shortage of bicillin is due to rising numbers of syphilis cases, as well as the drug's use as an alternative to amoxicillin. Amoxicillin has been in short supply due to surges in cases of respiratory illness and severe strep throat.

Pfizer, which is the only company manufacturing penicillin G benzathine, said it would take about a year to increase production enough to end the shortage.

Experts fear the shortage could make it difficult for patients to get treated. The CDC is recommending providers give preference to pregnant patients and infants who have been infected or exposed, while suggesting an alternate drug regimen for others.

Doxycycline, the alternative treatment, is not recommended for pregnant patients and has a more complicated, twice-a-day dosing regimen that all patients may not follow.

"This was really an exciting study," said Dr. Julie Prutsman at Sound Relief Hearing Center in Highlands Ranch, Colorado. "We've known for years that there is a connection or a link between untreated hearing loss and cognitive decline or dementia."

The study, she said, shows what impact hearing loss intervention can have.

Researchers analyzed more than 3,000 people - some that were considered healthy community volunteers, and older adults from the Atherosclerosis Risk in Communities study, a long-term observational study focused on cardiovascular health, according to CBS News.

During the study, participants were randomly placed into one of two groups: 'hearing intervention, which received audiological counseling and hearing aids, or 'control intervention,' which received health education regarding topics on chronic disease prevention. Researchers followed up with the groups every six months over a three-year period, and then scored them based on a "comprehensive neurocognitive" test.

In the published study, researchers say there was no major reduction in cognitive decline with the use of hearing aids. But, among the older participants, researchers say they found a "significant difference."

"These findings suggest that a hearing intervention might reduce cognitive change over 3 years in populations of older adults at increased risk for cognitive decline but not in populations at decreased risk for cognitive decline," researchers wrote.

Dr. Prutsman said the study offers "hope for these individuals if we treat something as simple as hearing loss."

Dr. Ira Chang, the medical director of neurocritical care at Swedish Medical Center, said there are different theories about how hearing loss impacts cognition.

"Maybe by not using those parts of the brain, they are atrophying faster, and maybe they are not as social," Chang said.

With the results of this study, Chang is glad to have another possible way to help her patients at high risk of dementia to slow the process.

"I think this is a very exciting, very concrete intervention that we can use," she said.

Hearing tests can be completed in 30 minutes or less, and Prutsman said there are many different kinds of hearing instruments available that are almost undetectable. Some even have Bluetooth technology.

She hopes families will look at their options.

"Early intervention is so critical to better outcomes," she said.