"2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records"
Share
According to the US Department of Health and Human Services Office for Civil Rights (HHS OCR), in 2024, organizations informed the US government about more than 580 healthcare data breaches affecting a total of nearly 180 million user records. It was noted that an individual may have been impacted by multiple data breaches disclosed to the HHS, so the total number of impacted people is likely smaller than 180 million due to these overlaps. It's more accurate to say that 180 million user records were compromised in data breaches. Impacted information can include names, contact details, dates of birth, Social Security numbers, insurance information, medical information, and even financial information. Of the total number of data breaches, 440 affected healthcare providers. Another commonly impacted type of entity was healthcare business associate, which accounted for nearly 100 incidents. Health plans were involved in nearly 60 incidents. Of the reported incidents, close to 500 were described as "hacking/IT incidents," including ransomware attacks. The second most common type of incident involved unauthorized access or disclosure. Nearly 400 breaches involved network servers, and roughly 130 involved email. Organizations in Texas accounted for the highest number of incidents (56), followed by California (43), New York (34), Illinois (33), Florida (28), Ohio (26), Massachusetts (22), Michigan (22), Tennessee (21), and Pennsylvania (21). The most significant healthcare data breach of 2024 impacted Change Healthcare. A ransomware attack aimed at the company resulted in the information of roughly 100 million individuals getting stolen.