In 2024, healthcare faced unprecedented cyber attacks. Globally, 276 million patient records were exposed. MedStealer was a major malware threat that year. It targeted electronic health records and insurance databases. MedStealer exploited legacy IT systems and vendor networks. It used phishing and SQL injection attacks. The malware exfiltrated personal data for sale on dark web markets. The HIPAA Journal tracks such healthcare data breach statistics.
Healthcare data breach statistics show an upward trend. This trend has occurred over the past 14 years. 2023 set new records for reported breaches (725). It also had the most breached records then (133 million). The main causes of breaches have evolved. Previously, loss and theft of records were common. Now, hacking incidents and ransomware attacks dominate. In 2023, hacking caused nearly 80% of all data breaches.
The severity of data breaches is also increasing. In 2023, 168 million records were exposed or stolen. This included 26 breaches of over one million records each. While breach numbers slightly fell in 2024, record exposure rose. Over 276 million records were breached in 2024. This total includes the largest-ever healthcare data breach. The ransomware attack on Change Healthcare affected 190 million people. Kaiser Foundation also reported a large breach.
Before 2024, the largest breach was Anthem Inc. in 2015. That incident affected 78.8 million individuals. The Change Healthcare attack in 2024 surpassed this record. Reporting figures for breaches can be complex. Breaches at business associates are sometimes under-represented. This is because individual covered entities might report them separately. This occurred in major incidents like Eye Care Leaders and AMCA. Such reporting nuances affect overall statistics.
Reference:
