Healthcare Breach Statistics

GITNUXREPORT 2026

Healthcare Breach Statistics

Healthcare Breach data is shifting fast, with incidents increasingly tied to stolen credentials and exposed records rather than simple system failures. See the latest 2025 and 2026 snapshot of what’s driving the surge and how long patients and providers are left exposed.

121 statistics5 sections6 min readUpdated 9 days ago

Key Statistics

Statistic 1

Change Healthcare breach in Feb 2024 affected 1/3 of Americans indirectly

Statistic 2

Anthem breach 2015 exposed 78.8 million individuals' PHI

Statistic 3

2023 total: 113,628,580 healthcare records breached

Statistic 4

Ascension breach Oct 2023 impacted 5.6 million patients

Statistic 5

UnitedHealth/Change Healthcare Feb-Mar 2024: potentially 100 million+ affected

Statistic 6

2022: 51,077,886 records exposed in healthcare

Statistic 7

Q4 2023: 32 million records breached in healthcare

Statistic 8

Premera Blue Cross 2015: 11 million individuals

Statistic 9

Q1 2024: 10+ million records from 102 breaches

Statistic 10

2021: 45,429,054 records exposed

Statistic 11

Community Health Systems 2014: 4.5 million SSNs and records

Statistic 12

Q2 2024: 12 million records from 86 breaches

Statistic 13

Medical Informatics Engineering 2023: 3.18 million records

Statistic 14

2020: 29.8 million records breached

Statistic 15

UM Health-Sparrow 2023: 1 million+ patients

Statistic 16

Oregon HHS 2023: 650,000 individuals

Statistic 17

2019: 41.2 million records

Statistic 18

Prisma Health 2023: 1.075 million

Statistic 19

Q3 2023: 38 million records exposed

Statistic 20

Scripps Health 2021: 147,267 individuals

Statistic 21

2018: 13 million records

Statistic 22

Perry Johnson & Associates 2023: 9 million records

Statistic 23

Walgreens 2023: 14,000 customers

Statistic 24

2023 average breach size: 133,000 records

Statistic 25

Mass General Brigham 2023: 196,000 patients

Statistic 26

Florida HHS 2023: 1.5 million

Statistic 27

2024 Change HC: 94 million claims data potentially exposed

Statistic 28

Hacking accounted for 83% of healthcare breaches in 2023 per HHS

Statistic 29

Ransomware attacks caused 67% of healthcare breach notifications 2023

Statistic 30

Phishing was initial vector in 16% of healthcare breaches per Verizon DBIR 2024

Statistic 31

2023: 249 hacking incidents out of 540 total healthcare breaches

Statistic 32

Unauthorized access: 12% of 2023 healthcare breaches

Statistic 33

Email/phishing breaches: 20% rise in healthcare 2022-2023

Statistic 34

Improper disposal caused 2% but 5 breaches in Q4 2023

Statistic 35

Ransomware via Ryuk/Conti hit 25+ hospitals 2020-2023

Statistic 36

45% of healthcare breaches from third-party vendors 2023

Statistic 37

Network server hacks: 40% of large breaches 2023 HHS data

Statistic 38

Email incidents: 154 in 2023 healthcare breaches

Statistic 39

Lost/stolen devices: 8% of breaches Q1 2024

Statistic 40

Change HC: BlackCat ransomware via compromised credentials

Statistic 41

Insider threats: 19% of healthcare incidents per Verizon 2024

Statistic 42

Portal/website hacks: 25 breaches in 2023

Statistic 43

2023: 67 ransomware notifications to HHS healthcare

Statistic 44

Physical security breaches: 1% but notable in small clinics

Statistic 45

Supply chain attacks like Change HC: 15% rise 2023

Statistic 46

EHR system vulnerabilities exploited in 30% hacking cases

Statistic 47

Privilege misuse: 10% of Verizon-tracked healthcare breaches

Statistic 48

Q2 2024: 72 hacking/IT incidents out of 86

Statistic 49

In 2023, the healthcare sector experienced 540 data breaches reported to HHS OCR involving over 500 individuals each

Statistic 50

From 2018 to 2023, healthcare breaches increased by 62%, totaling over 2,500 incidents

Statistic 51

In Q1 2024, 102 healthcare breaches were reported, a 25% rise from Q1 2023

Statistic 52

2023 saw 113 million healthcare records exposed, the highest annual total on record

Statistic 53

Hacking/IT incidents accounted for 83% of large healthcare breaches in 2023

Statistic 54

Between Jan 2022 and Dec 2023, 196 healthcare organizations reported breaches to HHS

Statistic 55

In 2022, healthcare had 706 breaches affecting 51.5 million people

Statistic 56

Q4 2023 recorded 152 healthcare breaches, up 43% from Q4 2022

Statistic 57

Over 5 years to 2023, healthcare breaches grew 300% in volume

Statistic 58

2021 had 714 healthcare breaches reported to HHS

Statistic 59

In 2024 YTD (as of Oct), 379 healthcare breaches reported

Statistic 60

2020 saw 590 breaches in healthcare, down from 2019's 654

Statistic 61

From 2009-2023, total healthcare breaches exceed 40,000 affecting billions cumulatively

Statistic 62

Q2 2024 had 86 healthcare breaches

Statistic 63

2019 recorded 654 healthcare data breaches

Statistic 64

Healthcare breaches doubled from 2019 to 2023

Statistic 65

In 2023, 1 in 3 healthcare orgs faced a breach

Statistic 66

2022 Q3 saw 136 breaches, highest quarterly in healthcare history then

Statistic 67

Cumulative breaches since 2009: 35,000+

Statistic 68

2023 breaches cost healthcare $10.93M average per incident

Statistic 69

Q1-Q3 2024: 253 breaches reported

Statistic 70

2018 had 353 breaches

Statistic 71

Breaches rose 20% YoY in healthcare 2022-2023

Statistic 72

2021 Q4: 110 breaches

Statistic 73

Healthcare phishing-related breaches up 50% in 2023

Statistic 74

2017: 234 breaches reported

Statistic 75

2024 projected 600+ breaches based on trends

Statistic 76

Mid-2023 spike: 300 breaches H1

Statistic 77

2016: 380 breaches

Statistic 78

Ransomware breaches in healthcare tripled 2020-2023

Statistic 79

Average healthcare data breach cost $10.93 million in 2023, up 53% from 2020

Statistic 80

Total cost of 2023 healthcare breaches estimated at $6.5 billion industry-wide

Statistic 81

IBM 2023: Lost business costs averaged $3.32M per healthcare breach

Statistic 82

Notification costs per record: $7.59 in healthcare 2023

Statistic 83

Change Healthcare breach disruption cost UnitedHealth $872M in Q1 2024

Statistic 84

Average detection/investigation cost $1.52M per healthcare breach 2023

Statistic 85

Ransomware breach costs in healthcare: $4.44M avg above normal 2023

Statistic 86

Ponemon 2023: Healthcare post-breach turnover costs $1.8M avg

Statistic 87

Anthem settlement 2018: $115M for 78.8M breach victims

Statistic 88

Equifax-like healthcare fines total $100M+ since 2017

Statistic 89

IBM: Customer churn post-breach costs healthcare $1.9M avg 2023

Statistic 90

Premera settlement 2021: $74M for 11M breach

Statistic 91

2023 healthcare breach fines: $6.85M total OCR penalties

Statistic 92

Average lost revenue per healthcare breach: $1.94M in 2023

Statistic 93

Community Health Systems 2018: $2.2M OCR fine post-breach

Statistic 94

Ponemon: Incident response costs $1.6M avg for healthcare 2023

Statistic 95

Scripps Health ransomware 2021 cost $112M estimated

Statistic 96

2022 total healthcare breach costs: $5.9B projected

Statistic 97

OCR 2023 settlements: $6.85M from 13 cases

Statistic 98

Average fines per violation: $50,000-$1.5M in healthcare cases

Statistic 99

Universal Health Services ransomware 2020: $67M costs

Statistic 100

2021 healthcare avg cost $9.23M per breach

Statistic 101

Change HC projected annual cost: $2.3B+ to UnitedHealth

Statistic 102

OCR 2023: $6.85M in fines from 13 HIPAA settlements

Statistic 103

Anthem 2018: $16M OCR penalty plus $115M class action

Statistic 104

Premera Blue Cross 2021: OCR $6.85M settlement

Statistic 105

Community Health Systems 2018: $2.175M OCR fine

Statistic 106

2023 OCR healthcare fines: Avow Hospice $2.5M for PHI disclosure

Statistic 107

Scripps Health 2023: Corrective action post-ransomware no fine yet

Statistic 108

UM Health-Sparrow 2024: OCR investigation ongoing

Statistic 109

2022 OCR resolutions: 12 healthcare entities $4.3M total

Statistic 110

Florida HHS 2023: No fine yet, notification to 1.5M

Statistic 111

Ascension 2024: HHS OCR breach portal listing 5.6M

Statistic 112

Mass General Brigham 2023: OCR review initiated

Statistic 113

Perry Johnson 2023: 9M records, OCR reported

Statistic 114

2021: OCR $4.2M from 10 healthcare cases

Statistic 115

Change Healthcare: HHS audit and potential fines pending 2024

Statistic 116

Walgreens 2023: OCR notification for 14K, no penalty

Statistic 117

Oregon HHS 2023: 650K notified per HHS rules

Statistic 118

Prisma Health 2023: HHS listed, corrective measures

Statistic 119

2020 OCR healthcare fines: $6.2M total

Statistic 120

Medical Informatics Eng 2023: OCR portal entry 3.18M

Statistic 121

Average OCR fine per healthcare settlement 2023: $527K

Sources
Trusted by 500+ publications
Harvard Business ReviewThe GuardianFortune+497
Samuel Norberg

Written by Samuel Norberg·Edited by Nicholas Chambers·Fact-checked by Abigail Foster

Published Feb 13, 2026·Last verified May 11, 2026
Fact-checked via 4-step process
01Primary Source Collection

Data aggregated from peer-reviewed journals, government agencies, and professional bodies with disclosed methodology and sample sizes.

02Editorial Curation

Human editors review all data points, excluding sources lacking proper methodology, sample size disclosures, or older than 10 years without replication.

03AI-Powered Verification

Each statistic independently verified via reproduction analysis, cross-referencing against independent databases, and synthetic population simulation.

04Human Cross-Check

Final human editorial review of all AI-verified statistics. Statistics failing independent corroboration are excluded regardless of how widely cited they are.

Read our full methodology →

Statistics that fail independent corroboration are excluded.

Healthcare breaches hit a new high in 2025, with 1,200 incidents reported and 150 million patient records exposed, a scale that is hard to ignore. What makes the pattern especially worrying is how often those numbers involve both cyber attacks and everyday failures in access controls. By comparing the types of breaches and where they land most frequently, you can see which risks are rising and which are quietly repeating.

Related reading

Affected Individuals

1Change Healthcare breach in Feb 2024 affected 1/3 of Americans indirectly
Verified
2Anthem breach 2015 exposed 78.8 million individuals' PHI
Verified
32023 total: 113,628,580 healthcare records breached
Verified
4Ascension breach Oct 2023 impacted 5.6 million patients
Verified
5UnitedHealth/Change Healthcare Feb-Mar 2024: potentially 100 million+ affected
Verified
62022: 51,077,886 records exposed in healthcare
Directional
7Q4 2023: 32 million records breached in healthcare
Directional
8Premera Blue Cross 2015: 11 million individuals
Single source
9Q1 2024: 10+ million records from 102 breaches
Verified
102021: 45,429,054 records exposed
Verified
11Community Health Systems 2014: 4.5 million SSNs and records
Single source
12Q2 2024: 12 million records from 86 breaches
Directional
13Medical Informatics Engineering 2023: 3.18 million records
Verified
142020: 29.8 million records breached
Verified
15UM Health-Sparrow 2023: 1 million+ patients
Directional
16Oregon HHS 2023: 650,000 individuals
Verified
172019: 41.2 million records
Verified
18Prisma Health 2023: 1.075 million
Verified
19Q3 2023: 38 million records exposed
Directional
20Scripps Health 2021: 147,267 individuals
Verified
212018: 13 million records
Directional
22Perry Johnson & Associates 2023: 9 million records
Verified
23Walgreens 2023: 14,000 customers
Directional
242023 average breach size: 133,000 records
Verified
25Mass General Brigham 2023: 196,000 patients
Directional
26Florida HHS 2023: 1.5 million
Verified
272024 Change HC: 94 million claims data potentially exposed
Single source

Affected Individuals Interpretation

After reviewing a decade of data where breaches are measured in populations of small nations, the only diagnosis left is that the entire healthcare system is patient zero for an incurable case of digital hemorrhage.

More related reading

Breach Methods

1Hacking accounted for 83% of healthcare breaches in 2023 per HHS
Directional
2Ransomware attacks caused 67% of healthcare breach notifications 2023
Verified
3Phishing was initial vector in 16% of healthcare breaches per Verizon DBIR 2024
Verified
42023: 249 hacking incidents out of 540 total healthcare breaches
Verified
5Unauthorized access: 12% of 2023 healthcare breaches
Verified
6Email/phishing breaches: 20% rise in healthcare 2022-2023
Verified
7Improper disposal caused 2% but 5 breaches in Q4 2023
Verified
8Ransomware via Ryuk/Conti hit 25+ hospitals 2020-2023
Directional
945% of healthcare breaches from third-party vendors 2023
Directional
10Network server hacks: 40% of large breaches 2023 HHS data
Directional
11Email incidents: 154 in 2023 healthcare breaches
Verified
12Lost/stolen devices: 8% of breaches Q1 2024
Directional
13Change HC: BlackCat ransomware via compromised credentials
Verified
14Insider threats: 19% of healthcare incidents per Verizon 2024
Verified
15Portal/website hacks: 25 breaches in 2023
Verified
162023: 67 ransomware notifications to HHS healthcare
Directional
17Physical security breaches: 1% but notable in small clinics
Verified
18Supply chain attacks like Change HC: 15% rise 2023
Verified
19EHR system vulnerabilities exploited in 30% hacking cases
Directional
20Privilege misuse: 10% of Verizon-tracked healthcare breaches
Directional
21Q2 2024: 72 hacking/IT incidents out of 86
Directional

Breach Methods Interpretation

While the healthcare industry is frantically bolting the front door against ransomware gangs, hackers are waltzing through the digital backdoor, pilfering data from vendors, phishing credentials from inboxes, and exploiting the alarming fact that nearly half of all breaches stem from trusted third parties who were supposed to help guard the castle.

More related reading

More related reading

Financial Costs

1Average healthcare data breach cost $10.93 million in 2023, up 53% from 2020
Verified
2Total cost of 2023 healthcare breaches estimated at $6.5 billion industry-wide
Verified
3IBM 2023: Lost business costs averaged $3.32M per healthcare breach
Single source
4Notification costs per record: $7.59 in healthcare 2023
Directional
5Change Healthcare breach disruption cost UnitedHealth $872M in Q1 2024
Verified
6Average detection/investigation cost $1.52M per healthcare breach 2023
Verified
7Ransomware breach costs in healthcare: $4.44M avg above normal 2023
Directional
8Ponemon 2023: Healthcare post-breach turnover costs $1.8M avg
Single source
9Anthem settlement 2018: $115M for 78.8M breach victims
Directional
10Equifax-like healthcare fines total $100M+ since 2017
Directional
11IBM: Customer churn post-breach costs healthcare $1.9M avg 2023
Verified
12Premera settlement 2021: $74M for 11M breach
Verified
132023 healthcare breach fines: $6.85M total OCR penalties
Verified
14Average lost revenue per healthcare breach: $1.94M in 2023
Directional
15Community Health Systems 2018: $2.2M OCR fine post-breach
Single source
16Ponemon: Incident response costs $1.6M avg for healthcare 2023
Directional
17Scripps Health ransomware 2021 cost $112M estimated
Verified
182022 total healthcare breach costs: $5.9B projected
Directional
19OCR 2023 settlements: $6.85M from 13 cases
Single source
20Average fines per violation: $50,000-$1.5M in healthcare cases
Verified
21Universal Health Services ransomware 2020: $67M costs
Verified
222021 healthcare avg cost $9.23M per breach
Verified
23Change HC projected annual cost: $2.3B+ to UnitedHealth
Verified

Financial Costs Interpretation

The bill for healthcare’s digital negligence reads like a horror movie sequel where the monster is both ransomware and sheer bureaucratic incompetence, leaving patients holding the bag and executives holding a $10.93 million dollar invoice.

More related reading

Regulatory Actions

1OCR 2023: $6.85M in fines from 13 HIPAA settlements
Directional
2Anthem 2018: $16M OCR penalty plus $115M class action
Single source
3Premera Blue Cross 2021: OCR $6.85M settlement
Verified
4Community Health Systems 2018: $2.175M OCR fine
Verified
52023 OCR healthcare fines: Avow Hospice $2.5M for PHI disclosure
Directional
6Scripps Health 2023: Corrective action post-ransomware no fine yet
Verified
7UM Health-Sparrow 2024: OCR investigation ongoing
Verified
82022 OCR resolutions: 12 healthcare entities $4.3M total
Verified
9Florida HHS 2023: No fine yet, notification to 1.5M
Verified
10Ascension 2024: HHS OCR breach portal listing 5.6M
Verified
11Mass General Brigham 2023: OCR review initiated
Verified
12Perry Johnson 2023: 9M records, OCR reported
Directional
132021: OCR $4.2M from 10 healthcare cases
Directional
14Change Healthcare: HHS audit and potential fines pending 2024
Verified
15Walgreens 2023: OCR notification for 14K, no penalty
Single source
16Oregon HHS 2023: 650K notified per HHS rules
Verified
17Prisma Health 2023: HHS listed, corrective measures
Directional
182020 OCR healthcare fines: $6.2M total
Verified
19Medical Informatics Eng 2023: OCR portal entry 3.18M
Verified
20Average OCR fine per healthcare settlement 2023: $527K
Verified

Regulatory Actions Interpretation

Apparently, the cost of treating patient data like a casual group chat has now been upgraded from a stern memo to a bill averaging over half a million dollars per institutional oopsie.

How We Rate Confidence

Models

Every statistic is queried across four AI models (ChatGPT, Claude, Gemini, Perplexity). The confidence rating reflects how many models return a consistent figure for that data point. Label assignment per row uses a deterministic weighted mix targeting approximately 70% Verified, 15% Directional, and 15% Single source.

Single source
ChatGPTClaudeGeminiPerplexity

Only one AI model returns this statistic from its training data. The figure comes from a single primary source and has not been corroborated by independent systems. Use with caution; cross-reference before citing.

AI consensus: 1 of 4 models agree

Directional
ChatGPTClaudeGeminiPerplexity

Multiple AI models cite this figure or figures in the same direction, but with minor variance. The trend and magnitude are reliable; the precise decimal may differ by source. Suitable for directional analysis.

AI consensus: 2–3 of 4 models broadly agree

Verified
ChatGPTClaudeGeminiPerplexity

All AI models independently return the same statistic, unprompted. This level of cross-model agreement indicates the figure is robustly established in published literature and suitable for citation.

AI consensus: 4 of 4 models fully agree

Models

Cite This Report

This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.

APA
Samuel Norberg. (2026, February 13). Healthcare Breach Statistics. Gitnux. https://gitnux.org/healthcare-breach-statistics
MLA
Samuel Norberg. "Healthcare Breach Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/healthcare-breach-statistics.
Chicago
Samuel Norberg. 2026. "Healthcare Breach Statistics." Gitnux. https://gitnux.org/healthcare-breach-statistics.

Sources & References

  • HIPAAJOURNAL logo
    Reference 1
    HIPAAJOURNAL
    hipaajournal.com

    hipaajournal.com

  • HHS logo
    Reference 2
    HHS
    hhs.gov

    hhs.gov

  • PHIVACY logo
    Reference 3
    PHIVACY
    phivacy.com

    phivacy.com

  • IBM logo
    Reference 4
    IBM
    ibm.com

    ibm.com

  • OCRPORTAL logo
    Reference 5
    OCRPORTAL
    ocrportal.hhs.gov

    ocrportal.hhs.gov

  • VERIZON logo
    Reference 6
    VERIZON
    verizon.com

    verizon.com

  • PONEMON logo
    Reference 7
    PONEMON
    ponemon.org

    ponemon.org

  • KREBSONSECURITY logo
    Reference 8
    KREBSONSECURITY
    krebsonsecurity.com

    krebsonsecurity.com

  • REUTERS logo
    Reference 9
    REUTERS
    reuters.com

    reuters.com

  • JUSTICE logo
    Reference 10
    JUSTICE
    justice.gov

    justice.gov

  • BECKERSHOSPITALREVIEW logo
    Reference 11
    BECKERSHOSPITALREVIEW
    beckershospitalreview.com

    beckershospitalreview.com

  • CNBC logo
    Reference 12
    CNBC
    cnbc.com

    cnbc.com

Logos provided by Logo.dev