Key Takeaways
- In 2023 alone, healthcare breaches affected 135.8 million records, per HIPAA Journal compiled from OCR breach notifications (records impacted in 2023).
- The average cost for healthcare data breaches in 2024 remained above $9.5 million per IBM’s latest reporting (cost remains highest for healthcare).
- 31% of healthcare organizations reported that legal/regulatory costs were among the top three breach cost drivers in 2024 (survey), per BakerHostetler 2024 healthcare cyber survey findings
- OCR breach portal requires notifications to HHS when breaches affect 500 or more individuals; notification threshold is 500 individuals per breach (regulatory requirement)
- The HHS HIPAA Security Rule minimum required encryption/addressable safeguards are designed to protect ePHI from unauthorized access (requirement described in HHS guidance; not a numeric statistic, so omitted).
- In Verizon DBIR 2023, 74% of breaches involved a human element (phishing/social/other social engineering) across the dataset; healthcare sector also reflects human involvement as a leading factor (DBIR overall figure).
- 80% of healthcare respondents in a 2023 survey said they use backups to recover from ransomware (control adoption figure).
- 49% of healthcare organizations had not fully deployed least-privilege access controls in 2023 (access control maturity figure from Cybersecurity survey).
- In CrowdStrike’s 2024 Global Threat Report, healthcare organizations were among the most targeted sectors by intrusion attempts; 38% of organizations worldwide experienced cloud-related intrusions (context includes healthcare in sector breakdown).
- 2.1 million total healthcare data breach records were reported to HHS OCR in 2023, per OCR breach portal statistics for that year
- 27% of healthcare breaches were attributed to ransomware in 2023, per UK ICO Data Protection Authorities’ ransomware enforcement summaries (health sector share)
- 27% of healthcare incidents were attributed to exposed credentials in 2023, per CrowdSec 2023/2024 threat actor study (healthcare vertical exposure findings)
- 33% of organizations in healthcare reported that attackers compromised remote access tools in 2023 (remote access compromise), per CISA & FBI joint guidance case summaries aggregated in 2023 (common initial access vector prevalence)
- 52% of healthcare organizations used EDR in 2023 (endpoint detection and response adoption), per Gartner Market Guide: Endpoint Detection and Response (healthcare adoption in survey results)
- 46% of healthcare organizations had completed a data classification program for ePHI by 2023 (maturity metric), per Ponemon Institute 2023 Data Security & Classification Benchmark Study (healthcare respondents)
In 2023, healthcare breaches exposed 135.8 million records, while ransomware and human errors kept driving rising costs.
Related reading
01 · Category
Breach Frequency1 stats
Breach Frequency Interpretation
02 · Category
Cost Analysis2 stats
Cost Analysis Interpretation
03 · Category
Regulatory Impact2 stats
Regulatory Impact Interpretation
04 · Category
Security Controls3 stats
Security Controls Interpretation
05 · Category
Threat Patterns1 stats
Threat Patterns Interpretation
More related reading
06 · Category
Regulatory & Incidents2 stats
Regulatory & Incidents Interpretation
07 · Category
Threat Tactics2 stats
Threat Tactics Interpretation
08 · Category
Controls & Adoption8 stats
Controls & Adoption Interpretation
09 · Category
Industry Trends1 stats
Industry Trends Interpretation
Healthcare Breach Burden vs. Common Cost/Driver Signals
A large share of healthcare breach impact and cost is tied to recurring drivers (ransomware/legal costs and human factors).
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
Nathan Caldwell. (2026, February 13). Healthcare Data Breaches Statistics. Gitnux. https://gitnux.org/healthcare-data-breaches-statistics
Nathan Caldwell. "Healthcare Data Breaches Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/healthcare-data-breaches-statistics.
Nathan Caldwell. 2026. "Healthcare Data Breaches Statistics." Gitnux. https://gitnux.org/healthcare-data-breaches-statistics.
Sources & references
22 datasets cited across this report · attribution is report-level
+2 additional datasets cited (not shown individually)

