Healthcare data breaches have been on the rise for decades, and the trend is expected to continue as technology advances. Likewise, the industry remains one of the most vulnerable to cyberattacks.
A closer look at healthcare data breach statistics reveals how vulnerable this industry is, how many people are affected by these attacks, and the financial and health consequences.
Top 6 Healthcare Data Breach Statistics (Editor’s Pick)
- Healthcare data breaches cost $10 million per attack in 2022.
- 269 of the 337 healthcare breaches in mid-year 2022 were caused by hacking/IT incidents.
- 36% of reported healthcare breaches in H1 2022 involved business associates.
- By 2025, total healthcare investment in cybersecurity will reach $125 billion.
- In 2021, there were 713 reported major healthcare data breaches.
- In October 2021, Broward Health experienced a data breach affecting 1.35 million people.
General Healthcare Data Breach Statistics
1. Healthcare data breaches cost $10 million per attack in 2022.
This represented a 9.4% increase between March 2021 and March 2022.
2. Between 2009 and 2021, approximately 95% of Americans had their health information disclosed.
Around 5,150 data breaches were reported to the Office for Civil Rights (OCR) between October 21, 2009, and December 31, 2022.
3. In 2021, 22 US states saw a 10% increase in residents’ private health information leaks.
Some states like Alaska, Florida, Nevada, and Washington D.C. had more than a 40% increase in healthcare data breach rates.
4. In 2022, about 50% of medical device manufacturers increased their cybersecurity budget by 25%.
In addition, 11% of them increased their device security budget by 10%, 31% by 26-50%, and 18% by more than 50%.
5. In 2022, there were over 340 healthcare data breaches in the United States.
This was an increase from only 16 in 2005 but a decrease from 398 in 2019.
6. Healthcare data breaches in the US affected over 19 million people in 2022.
There were 337 healthcare data breaches in the first half of 2022, affecting 19,992,810 people. This was a drop from 2021, when 368 incidents in the first half of the year affected over 27 million people.
7. Over 50% of healthcare firms had over 1,000 sensitive files available to every employee in 2021.
Every employee had access to one out of every five files, causing an overexposure that made the healthcare industry vulnerable in 2021.
Healthcare Data Breach Statistics by Incident Type
8. Breached healthcare records accounted for 95% of identity thefts in 2021.
These stolen records were also worth 25 times as much as credit card records in 2021.
9. 269 of the 337 healthcare breaches in mid-year 2022 were caused by hacking/IT incidents.
That accounted for 80% of healthcare data breaches, while 15% were caused by unauthorized access/disclosure.
10. In Q3 of 2022, there was an increase in healthcare data breaches.
There was a 5% year-over-year increase as ransomware attacks targeted at least 1 in 42 healthcare organizations.
11. In 2021, hackers successfully encrypted healthcare data during breaches 4% less YoY.
The healthcare sector’s data encryption rate in 2021 was 61%, better than the cross-sector average of 65% and the previous year’s tally.
Healthcare Data Breach Statistics by Impact
12. There was an average of 1.94 breaches of 500 or more records daily in the healthcare sector in 2022.
There were 707 breaches of 500 or more records in 2022.
This is almost double the reported breaches in 2018.
13. 36% of reported healthcare breaches in H1 2022 involved business associates.
While business associates reported only 54 incidents, they were involved in 123 data breach incidents.
14. 70% of healthcare organizations saw increased hospital stays and procedure delays due to ransomware attacks in 2021.
65% of respondents also said there was an increase in patients diverted to other facilities, and 36% reported an increase in medical complications.
15. In 2022, over 55% of medical device manufacturers lacked a Product Security Incident Response Team (PSIRT).
45% had a dedicated PSIRT, 34% did not but planned to get one, and 21% wanted to but had yet to make plans.
16. By 2025, total healthcare investment in cybersecurity will reach $125 billion.
In 2021, 18% of surveyed healthcare organizations spent 1%-2% of their IT budget on cybersecurity, while 22% allocated 3%-6% of their IT budgets.
Healthcare Data Breach Statistics by Individuals Affected
17. Eye Care Leaders' data breach affected over 2 million individuals in 2021.
The breach is believed to have impacted over 24 partner organizations so far.
Almost 1.3 million people at the Texas Tech University Health Sciences Center were affected by this breach.
18. Shields Health Care Group experienced a data breach affecting 2 million people in 2022.
The breach lasted 14 days (March 7 to March 21) and impacted over a dozen facility partners, including Tufts Medical Center and UMass Memorial MRI.
The organization reported a Meta pixel code that led to the unauthorized disclosure of protected health information.
20. In October 2021, Broward Health experienced a data breach affecting 1.35 million people.
However, the organization notified the affected individuals in January 2022.
The breach occurred through access from a third-party medical provider.
The attack was noticed in April and had already impacted over 1.2 million people.
22. MCG Health suffered a breach affecting about 1.1 million individuals in 2020.
The attack was first acknowledged in March 2022 but is indicated to have occurred as early as February 2020. The affected individuals were notified in June 2022, and the accessed data included relevant personal information.
23. In 2021, there were 713 reported major healthcare data breaches.
These breaches affected over 45 million people, the most since 2015, when 112.5 million were victims of data breaches.
24. Practice Resources was hit by a ransomware attack in April 2022, affecting 26 of its healthcare organization clients.
Personal information like names, addresses, treatment dates, health plan numbers, and medical record numbers was accessed in this attack, affecting over 942,000 people.
25. Regal Medical Group, Inc. and four other companies had a hacking/IT incident breach affecting over 3.3 million individuals in 2023.
This attack was submitted to the OCR on February 1, 2023, and was under investigation as of March.
26. A Texas healthcare institution's data breach submitted in December 2022 affected roughly 612,000 people.
This hacking/IT incident occurred on the Metropolitan Area EMS Authority’s network server.
Be HIPAA Compliant
Healthcare data breaches are common, but they are challenging to discover.
Many of them are not noticed until weeks or months after the incident.
Thus, a healthcare organization should invest in solid security solutions to prevent and mitigate these attacks.
You can stay one step ahead of cybercriminals and avoid HIPAA penalties by using antivirus software against malware, password managers for password encryption, a VPN for privacy, and security AI.
You should also check out our statistics round-up on phishing, a common technique to breach healthcare data.