Most common types of healthcare data breaches

Protecting patient data is paramount in the healthcare industry. However, data breaches remain a serious concern, threatening patient privacy and disrupting healthcare operations.

The Definitive Healthcare HospitalView product tracks IT hacks and data breaches, along with data on technology installations for network and security systems, connected medical devices, and more. This data empowers users to understand potential vulnerabilities or needs when engaging with key hospital technology decision-makers.

The Department of Health and Human Services (HHS) also tracks healthcare data breaches through the Office for Civil Rights Breach Portal, as required by the HIPAA Breach Notification Rule. The tool provides valuable insights into the nature and scope of data breaches of unsecured protected health information (PHI) at healthcare provider organizations, healthcare insurance plans, and their business associates.

This Healthcare Insight reviews 2023 healthcare data breaches by their causes, sources of attack, and the number of health records affected.

How many healthcare data breaches are there each year?

The number of healthcare data breaches continues to increase each year. In 2016, there were 329 reported breaches in healthcare, while in 2023, there were 739 – or nearly two healthcare data breaches every day of the year.

There were about 500 or fewer healthcare data breaches each year before 2019. There have been more than 660 breaches reported each year since 2020.

As of the end of February 2024, the number of healthcare data breaches for the year was already nearly 100.

HHS reported healthcare data breaches by year

Fig. 1 Data is from the HHS Breach Portal. Accessed February 2024.

What is the main cause of healthcare data breaches?

Of the 739 healthcare data breaches reported in 2023, 80% were due to hacking or IT incidents.

Hacking and IT incidents have consistently been the most common type of breach, and the number of healthcare data hacking cases increases each year mainly due to ransomware attacks.

Type of healthcare data breaches

Fig. 2 Data is from the HHS Breach Portal. Accessed February 2024.

What are the common sources of healthcare data breaches?

Network server breaches make up more than two-thirds (68.2%) of healthcare data breaches in 2023, an increase from 56.6% in 2022. Email as the source of an attack decreased from 22.9% in 2022 to 18.1% in 2023.

Location of breached healthcare information

Fig. 3 Data is from the HHS Breach Portal. Accessed February 2024.

How many records are affected by healthcare data breaches?

The 739 healthcare data breaches in 2023 affected more than 136 million individual records – more than double the number of records affected in 2022. 2023 was the first year since 2015 that had more than 110 million records breached.

Total healthcare records affected by data breaches each year

Fig. 4 Data is from the HHS Breach Portal. Accessed February 2024.

How many healthcare records are breached on average?

Between 2018 and 2022, about 72,300 records, on average, were affected by healthcare data breaches. In 2023, breaches affected about 184,000 records on average. There were eight healthcare data breaches in 2023 that affected more than 4 million records each. The largest healthcare data breach in 2023 impacted more than 11 million records.

Average number of healthcare records breached each year

Fig. 5 Data is from the HHS Breach Portal. Accessed February 2024.

What types of organizations are targets for healthcare data breaches?

HHS tracks data breaches at four types of organizations: healthcare providers, health plans, business associates, and healthcare clearinghouses.

Healthcare providers consistently report the highest number of reported breaches, potentially due to the thousands of hospitals and outpatient facilities across the country (compared to less than 1,000 health insurance carriers) and their levels of adoption of healthcare data security systems.

In 2023, 62.2% of healthcare data breaches took place at healthcare provider organizations. Business associates experienced 23.4% of the healthcare data breaches in 2023, and 13.9% were at health plans.

Type of organization with healthcare data breach by year

Fig. 6 Data is from the HHS Breach Portal. Accessed February 2024.

Learn more

IT security companies can use data from Definitive Healthcare to identify the right hospital opportunities to pursue and focus their sales efforts.

Healthcare Insights are developed with healthcare commercial intelligence from the Definitive Healthcare platform. Want even more insights? Start a free trial now and get access to the latest healthcare commercial intelligence on hospitals, physicians, and other healthcare providers.