In 2024, the US healthcare sector experienced a significant number of data breaches, with 720 incidents reported to the Department of Health and Human Services (HHS). These breaches collectively compromised approximately 186 million user records, exposing sensitive personal, medical, and financial data.
According to a recent analysis of the HHS Office for Civil Rights (OCR) breach database, the incidents primarily involved healthcare providers (520 cases), healthcare business associates (120 cases), and health plans (100 cases). The breaches exposed a wide range of sensitive data, including names, Social Security numbers, medical information, and insurance details.
The vast majority of breaches (around 600) were categorized as “hacking/IT incidents,” which include ransomware attacks. Another common cause was unauthorized access or disclosure. Approximately 450 breaches targeted network servers, while around 160 involved email-based incidents, often driven by phishing and malware.
The state of Texas saw the highest number of incidents, followed closely by California, New York, and Illinois. However, breaches were widespread across the country, affecting healthcare organizations in nearly every state.
The most significant breach of 2024 occurred at Change Healthcare, where a ransomware attack compromised the data of approximately 100 million individuals. Other notable breaches included those at Kaiser Permanente (13.4 million records), Ascension Health (5.5 million), and HealthEquity (4.3 million).
Notably, a revision to the data on January 20, 2025, clarified that the total number of reported breaches only included ongoing investigations, excluding closed cases. This highlights the scope of the cybersecurity challenges facing the healthcare sector.
These breaches underscore the growing vulnerability of the healthcare industry to cyber threats, particularly ransomware and phishing attacks, which continue to pose significant risks to patient privacy and organizational security.
For more information, the OCR maintains a comprehensive record of healthcare data breaches, providing transparency into the ongoing challenges in protecting sensitive healthcare information.
Image by Gerd Altmann from Pixabay
