GITNUXREPORT 2026

Healthcare Data Breach Statistics

Healthcare data breaches surge, each costing millions and compromising massive numbers of records.

Min-ji Park

Research Analyst focused on sustainability and consumer trends.

First published: Feb 13, 2026


Imagine a single industry's data being pillaged over 5,000 times in 15 years, with a staggering 100 million patient records compromised in just one year; welcome to the relentless epidemic of healthcare data breaches, a crisis escalating at an alarming rate where major incidents surged 68% in 2023 alone.

Key Takeaways

  • In 2023, the healthcare sector experienced 540 major data breaches reported to HHS OCR, marking a 68% increase from 2022.
  • From 2018 to 2023, healthcare breaches totaled over 2,500 incidents according to HHS data.
  • In Q1 2024, 102 healthcare breaches were reported, affecting 20 million records.
  • In 2023, over 100 million healthcare records were compromised across 540 breaches reported to HHS OCR.
  • The 2022 Change Healthcare breach exposed 1/3 of Americans' data, affecting 100 million+ individuals.
  • Q1 2024 healthcare breaches impacted 42 million records.
  • Hacking/IT incidents accounted for 83% of healthcare breaches in 2023.
  • Ransomware attacks caused 25% of large healthcare breaches (>500 records) in 2022.
  • Unauthorized access was the vector in 45% of 2023 HHS-reported breaches.
  • Average cost of healthcare data breach in 2023 was $10.93 million per IBM report.
  • Ransomware costs for healthcare averaged $4.44 million per incident in 2022, per Ponemon.
  • Total economic impact of 2023 healthcare breaches exceeded $10 billion.
  • Healthcare breaches increased 300% since 2019 per HHS trends.
  • Ransomware incidents in healthcare rose 45% YoY in 2023.
  • AI-driven threats expected to cause 30% more breaches by 2025.


Breach Incidents

  • In 2023, the healthcare sector experienced 540 major data breaches reported to HHS OCR, marking a 68% increase from 2022.
  • From 2018 to 2023, healthcare breaches totaled over 2,500 incidents according to HHS data.
  • In Q1 2024, 102 healthcare breaches were reported, affecting 20 million records.
  • 2022 saw 707 healthcare breach notifications to HHS, the highest annual count on record.
  • Between January and June 2023, 257 healthcare entities reported breaches to OCR.
  • In 2021, 714 healthcare breaches were disclosed, up 58% from 2020.
  • Q4 2023 recorded 158 healthcare breaches, a 20% rise from Q3.
  • From 2009 to 2023, cumulative healthcare breaches reached 5,000+ per HHS portal.
  • 2020 had 523 healthcare breach reports amid the COVID-19 surge.
  • In 2019, 510 healthcare data breaches were reported to HHS OCR.
  • The first half of 2022 saw 343 healthcare breaches, doubling the prior year.
  • 2023 Q2 reported 136 healthcare incidents to OCR.
  • Hospitals reported 45 breaches in 2023, per HHS data.
  • Health plans faced 112 breaches in 2022.
  • 2018 recorded 353 healthcare breaches, starting an upward trend.
  • Q1 2023 had 110 healthcare breach notifications.
  • 2024 YTD (as of June) shows 250+ healthcare breaches.
  • Business associates reported 180 breaches in 2023.
  • 2017 saw 231 healthcare data incidents.
  • Pharmacies reported 25 breaches in 2022.
  • 2023 total breaches hit 725 including small ones under 500 records.
  • EHR vendors were involved in 50+ breaches since 2020.
  • 2021 Q4 had 189 healthcare breaches.
  • Telehealth platforms reported 15 breaches in 2022.
  • 2016 healthcare breaches totaled 165.
  • Insurers faced 90 breaches in 2023.
  • 2022 saw 120 ransomware-related healthcare breaches.
  • Ambulatory centers reported 35 incidents in 2021.
  • 2023 Q3 recorded 142 healthcare breaches.
  • Cumulative 2020-2023 breaches exceed 2,000.

Breach Incidents Interpretation

It seems the healthcare sector is on a relentless data breach treadmill, where each new record-breaking year is simply training for an even more distressing marathon the next.

Breach Vectors

  • Hacking/IT incidents accounted for 83% of healthcare breaches in 2023.
  • Ransomware attacks caused 25% of large healthcare breaches (>500 records) in 2022.
  • Unauthorized access was the vector in 45% of 2023 HHS-reported breaches.
  • Phishing led to 60% of healthcare ransomware incidents per Verizon DBIR 2023.
  • Email compromise was the vector in 32% of healthcare breaches in 2022.
  • Improper disposal caused 12% of breaches under 500 records in 2023.
  • Malware was involved in 40% of healthcare incidents per Ponemon 2023.
  • Cloud misconfiguration led to 15% of 2023 healthcare exposures.
  • Insider threats accounted for 18% of healthcare breaches in IBM's 2023 report.
  • Stolen devices/credentials caused 22% of 2022 incidents.
  • Supply chain attacks hit 28% of healthcare orgs in 2023 per Verizon.
  • Web app vulnerabilities were exploited in 10% of breaches in Q1 2024.
  • Unencrypted PHI on lost laptops: 8% of incidents in 2023.
  • DDoS was used as a distraction in 5% of healthcare ransomware cases in 2022.
  • Third-party vendor hacks: 35% of large breaches in 2023.
  • Password attacks (brute force) in 25%, per DBIR.
  • Physical security breaches: 7% involving paper records in 2022.
  • API vulnerabilities exposed data in 12% of 2023 cases.
  • Social engineering: initial access vector in 40%, per IBM 2023.
  • Ransomware groups like LockBit hit 20% of 2023 healthcare breaches.
  • Zero-day exploits are rare but appear in 3% of advanced persistent threats.
  • Lost/stolen unencrypted electronic media: 15% of small breaches.
  • Remote access tool abuse: 28% per IBM Cost of Breach.
  • Fax machine exposures due to unsecured lines: 2% of incidents.
  • IoT medical devices hacked in 5% of 2022 cases.
  • Business email compromise (BEC): 10% financial+data loss.
  • SQL injection in legacy systems: 8% of web-based breaches.
  • Privilege escalation post-initial access: 65% of ransomware paths.

Breach Vectors Interpretation

The healthcare sector has become a digital fortress besieged by everything from sophisticated ransomware gangs to errant fax machines, revealing a grim reality where human error and targeted hacking are often the twin keys that unlock our most sensitive data.

Financial Costs

  • Average cost of healthcare data breach in 2023 was $10.93 million per IBM report.
  • Ransomware costs for healthcare averaged $4.44 million per incident in 2022, per Ponemon.
  • Total economic impact of 2023 healthcare breaches exceeded $10 billion.
  • Notification costs alone: $361 per record in healthcare in 2023, per IBM.
  • Change Healthcare breach cost UnitedHealth $872 million in direct expenses.
  • Average downtime from ransomware: 24 days, costing $1M+ daily for hospitals.
  • HIPAA fines for breaches totaled $6.85 million in 2023.
  • Lost revenue from breaches: 35% of total cost per IBM 2023.
  • Detection and escalation costs: $1.76 million on average in healthcare.
  • Post-breach customer churn cost healthcare $4.15 million on average.
  • 2022 healthcare breach megacost: $10.1 million average, per Ponemon.
  • Business associate fines: $50 million+ since 2010.
  • Cyber insurance premiums rose 50% post-2023 breaches.
  • Remediation costs: $3.3 million on average for healthcare, per IBM.
  • Anthem 2015 breach settlement: $115 million.
  • Ransomware payments averaged $1.54 million in healthcare in 2023.
  • Legal fees post-breach: 15% of total costs, per IBM.
  • 2023 Q1 breaches cost an estimated $2.5 billion in total.
  • Fines for improper safeguards: $2 million on average per case.
  • Productivity loss: $1.2 million per breach in healthcare.
  • Premera settlement: $74 million for 11M record breach.
  • Cyber extortion costs up 13% to $5.13 million avg.
  • Hospitals spent $8.6 billion on cybersecurity in 2023.
  • Class action suits averaged $10 million settlements.
  • Backup restoration post-ransomware: $500K avg.
  • 2024 projected breach costs: $11.5 million on average in healthcare.
  • Vendor management costs rose 20% due to breaches.
  • PHI exposure fines under HITECH: $50K-$1.5M per violation.
  • Total 2022 healthcare cyber costs: $9.8 billion.
  • Incident response retainers: $250K per major breach.

Financial Costs Interpretation

While a single stolen health record might cost a hacker pennies on the dark web, the price for the hospital begins at over three hundred dollars just to admit it happened, snowballing into a multi-million dollar nightmare of ransomware, legal fees, lost patients, and fines that makes your annual cybersecurity budget look like pocket change.

Records Impacted

  • In 2023, over 100 million healthcare records were compromised across 540 breaches reported to HHS OCR.
  • The 2022 Change Healthcare breach exposed 1/3 of Americans' data, affecting 100 million+ individuals.
  • Q1 2024 healthcare breaches impacted 42 million records.
  • From 2009-2023, HHS portal lists breaches affecting 300 million+ records.
  • 2021 breaches exposed 45 million patient records.
  • Anthem breach of 2015 remains largest at 78.8 million records.
  • First half 2023 saw 88 million records breached in healthcare.
  • 2022 total records affected: 52 million per HHS.
  • Ascension Health breach in 2024 impacted 5.6 million records.
  • Q4 2023 breaches exposed 17 million records.
  • Premera Blue Cross 2015 breach hit 11 million records.
  • 2020 breaches affected 28 million records.
  • 2019 healthcare breaches compromised 41 million records.
  • UnitedHealth/Optum breach 2024 exposed 64 million records indirectly.
  • Q2 2023 impacted 22 million records across 136 breaches.
  • Largest 2023 breach: PharMerica at 5.8 million records.
  • 2018 breaches exposed 13 million records.
  • CommonSpirit Health 2022 breach affected 623,000 records.
  • Hospital breaches in 2023 impacted 15 million records.
  • Health plans saw 30 million records exposed in 2022.
  • Scripps Health 2021 breach hit 147,000 records.
  • 2024 Q1 alone: 20+ million records from 102 breaches.
  • Business associate breaches exposed 40 million in 2023.
  • 2017 breaches affected 5.5 million records.
  • Shields Health Care 2023 breach: 2 million records.
  • 2022 Q1: 10 million records from 110 breaches.
  • Pharmacies 2022: 5 million records impacted.
  • Total since HIPAA: over 500 million records breached.
  • 2021 total: 45.1 million records exposed.
  • Ransomware breaches in healthcare exposed 25 million records in 2023.
  • EHR-related breaches since 2019: 50 million records.
  • 2023 Q3: 12 million records from 142 incidents.

Records Impacted Interpretation

The healthcare industry's data security is performing a tragic magic trick, making hundreds of millions of patient records vanish from safety only to reappear in the hands of criminals, year after relentless year.

Remediation and Trends

  • Healthcare breaches increased 300% since 2019 per HHS trends.
  • Ransomware incidents in healthcare rose 45% YoY in 2023.
  • AI-driven threats expected to cause 30% more breaches by 2025.
  • MFA adoption reduced breach risk by 99% per Microsoft study.
  • Zero-trust architecture cut detection time by 50%, per IBM 2023.
  • Healthcare cyber insurance claims doubled in 2023.
  • Average time to identify a breach: 277 days in healthcare in 2023.
  • Containment time post-detection: 84 days on average in healthcare.
  • 93% of healthcare orgs faced phishing attacks in 2023, per Verizon.
  • Employee training reduced incidents by 70% per Proofpoint.
  • Projected 2024 breaches: 600+ with 150M records.
  • Cloud security investments up 25% post-breaches.
  • HIPAA audits increased 40% in 2023, focusing on BAAs.
  • Ransomware recovery without payment: 66% success rate.
  • SEG implementation cut email breaches by 80%.
  • Healthcare CIS benchmarks compliance at 60% avg.
  • Breach disclosure within 60 days: 85% compliance 2023.
  • AI for threat detection adopted by 45% of hospitals.
  • Third-party risk management maturity low at 25%.
  • Global healthcare breaches up 20% outside US 2023.
  • Patch management gaps caused 30% of exploited vulnerabilities.
  • Incident response plans tested annually by 70% of orgs.
  • Quantum threats to encryption: projected 2030 impact.
  • Telehealth breaches down 15% with encryption mandates.
  • SOC-as-a-service adoption up 50% post-2023.
  • Patching patient portal vulnerabilities reduced risks by 40%.
  • Regulatory changes post-Change HC: stricter BA oversight.
  • Breach fatigue led to an estimated 20% underreporting.
  • Cybersecurity workforce shortage: 3.5M globally in healthcare.
  • 2025 forecast: 25% cost increase without full MFA rollout.

Remediation and Trends Interpretation

While healthcare cyberattacks have exploded like an undiagnosed plague—with ransomware and AI threats growing relentlessly—the cure is frustratingly clear, as rigorous measures like multi-factor authentication and zero-trust architecture slash risks dramatically, yet the industry's sluggish adoption means we're still bleeding records and time.