Published on
From 2010 to 2024, healthcare data breach incidents in the United States rose significantly, with the total number of reported breaches increasing from 216 to 566—a 162% rise. Ransomware-involved cyberattacks across all Health Insurance Portability and Accountability Act (HIPAA)-covered entities increased from 0% of breaches in 2010 to 31% in 2021. However, by 2024, ransomware attacks more recently trended down to 11% of incidents (61 of the total 566 incidents for the year). Even more concerning is that 69% of patient records affected by the breaches occurring in 2024 were linked to ransomware-associated cyberattacks. Over the total study period, 732 million records were compromised, with hacking incidents responsible for 643 million (88%) and ransomware for 285 million (39%). The authors of the JAMA Network Open publication emphasize the need for better reporting, operational impact metrics, and stronger cybersecurity to address growing threats. When ransomware holds patient records hostage, many health organizations have no choice but to pay up.
Biggest ever breech: The February 2024 ransomware attack on Change Healthcare compromised the health information of 100 million people—the largest breach ever in healthcare—and cost parent company UnitedHealthcare about $2.4 billion. Providers also felt the effects on their bottom lines as payments processed by Change were delayed for months.