Between January and September 2024, healthcare organizations in the United States saw 491 large-scale data breaches, resulting in the loss of over 500 records. This figure has increased significantly in the last decade. To date, the highest number of large-scale data breaches in the U.S. healthcare sector was recorded in 2023, with a reported 745 cases.

Healthcare data breaches in the United States are a constantly increasing risk with the potential for significant damage to affected parties. The largest recorded U.S. data breach in the healthcare sector as of November 2024, was recorded in July 2024, at Change Healthcare, Inc., a health insurance provider in the United States, when criminal hackers stole personal data affecting 100 million individuals.

In 2023, the most significant healthcare data breach incident in the United States was the HCA Healthcare breach. The Nashville-based company is the largest health system in the United States. During the July 2023 breach, more than 180 U.S. hospitals and 2,300 healthcare sites reported about unauthorized access. The incident impacted 11.27 million individuals in the United States. Second-ranked PJ&A data breach impacted nearly nine million individuals.

In 2022, most healthcare data breaches in the United States happened as a result of hacking or IT-related incidents. The number of such cases was 555 in the examined year. The next-most common cause for data breaches was unauthorized access or disclosure, detected in 113 cases. Loss and theft of data were less common causes of data breaches in the U.S. healthcare system in 2022. Overall, in 2022, there were 707 data breaches of over 500 records in the U.S. healthcare industry.

In the first half of 2024, the number of breached healthcare data records in the United States was over 43 million. The highest reported number of breached data records in the U.S. healthcare sector was registered in 2015, totaling 112.4 million. This figure has fluctuated dramatically since then.

In the first half of 2024, the share of health-related U.S. data breaches caused by hacking was 78 percent, which marked a two percent increase from 2023, reaching its highest rate since 2014.

In 2023, over 1.1 thousand healthcare data breaches were reported in the United States. The number of reported breaches in the U.S. healthcare system has gradually increased since 2016.

According to the data, the number of hacking/IT incidents on healthcare data has significantly increased significantly from 2014 to 2020, amounting to almost 600 data breaches in total in 2020.

In the first half of 2024, healthcare providers reported 252 data breaches in the U.S. healthcare sector, becoming the entity with the highest number of reported breach incidents. As of the time of the reporting, business associates ranked second with the number of reported data breaches.

In 2023, the number of data compromises in the United States stood at 3,205 cases. Meanwhile, over 353 million individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2022, healthcare, financial services, and manufacturing were the three industry sectors that recorded most data breaches. The number of healthcare data breaches in the United States has gradually increased within the past few years. In the financial sector, data compromises increased almost twice between 2020 and 2022, while manufacturing saw an increase of more than three times in data compromise incidents. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.

In 2023, there were more than 809 incidents of data compromises in the healthcare sector in the United States. Reaching its all-time highest. This indicates a significant growth since 2005 when the industry saw only 16 cases of data compromises in the country.

Between January and November 2024, the healthcare sector in the United States saw 520 resolved data breach cases. These are the incidents that are past the investigation phase. In 2023, the number of resolved data breach incidents in the United States was 313, a slight decrease from the year prior.

This statistic describes the number of entities involved in health-related U.S. data breaches from 2009 to 2020. According to the source, in 2019 there were 512 entities that were involved in data breaches.

In the first half of 2024, 284 data breach incidents in the healthcare sector in the United States were caused by hacking and other IT incidents. A further 64 incidents of breaches originated from unauthorized access, while three percent were caused by theft.

In 2023, HCA Healthcare was involved in the largest health data breach in the United States, with over 11.2 million health records affected in a July 2023 incident. Perry Johnson & Associates ranked second, with 8.95 million records breached, followed by Managed Care of North America (MCNA), with 8.86 million breached records.

In 2023, the healthcare industry in the United States remained the most targeted by cyber attacks, resulting in data compromises. Compared to 2022, the number of data compromise incidents in the U.S. healthcare industry increased more than twice. The financial services sector ranked second, with 744 data compromise incidents, representing a significant increase, too.

A 2023 report on data breaches in the healthcare system in the United States revealed that in most incidents, the leaked data was located in the network server, with almost 70 percent of data breaches indicating this location. The second-most common location of breached data was e-mail, with over 18 percent of the cases, followed by paper or films, with nearly six percent of the cases.

The statistic shows the number of data breaches in the United States from 2013 to 2019, by industry. In the last measured period, the majority of the 1,473 annual data breaches affected business and medical or healthcare organizations, with 644 and 525 data breaches respectively.

During the third quarter of 2024, data breaches exposed more than 422 million records worldwide. Since the first quarter of 2020, the highest number of data records were exposed in the first quarter of 202, more than 818 million data sets. Data breaches remain among the biggest concerns of company leaders worldwide. The most common causes of sensitive information loss were operating system vulnerabilities on endpoint devices. Which industries see the most data breaches? Meanwhile, certain conditions make some industry sectors more prone to data breaches than others. According to the latest observations, the public administration experienced the highest number of data breaches between 2021 and 2022. The industry saw 495 reported data breach incidents with confirmed data loss. The second were financial institutions, with 421 data breach cases, followed by healthcare providers. Data breach cost Data breach incidents have various consequences, the most common impact being financial losses and business disruptions. As of 2023, the average data breach cost across businesses worldwide was 4.45 million U.S. dollars. Meanwhile, a leaked data record cost about 165 U.S. dollars. The United States saw the highest average breach cost globally, at 9.48 million U.S. dollars.

In the first half of 2023, more than 16 million medical records stored in the network were affected by healthcare data breaches in the United States. On the contrary, in the second half of 2022, the number of impacted data records stored in the network was 7.4 million. The number of affected records stored in e-mail was around 300 thousand.