Data breaches across the U.S. healthcare sector have reached alarming levels, with more than 409 million patient records compromised over the past two years, according to two new studies.

Indusface, a leading application security firm, reported 1,200 healthcare breaches in the last 24 months. Notably, 83% of these incidents involved exposed personal health data.

Texas led the nation with 66 breaches and over 14 million people affected, the most significant being a January 2024 breach at Concentra Health Services, which impacted nearly 4 million individuals.

California followed with 9.2 million affected, including the largest breach recorded in the study — 4.7 million records — when Blue Shield of California shared member data with Google for advertising purposes.

Other states also reported substantial exposure. Ohio faced 45 incidents affecting 3.7 million individuals, while Massachusetts saw 28 breaches with a nearly identical number of impacted patients.

“Healthcare systems are highly vulnerable due to outdated software and the high market value of patient data,” said Venky Sundar, founder and president of Indusface. He also noted that vulnerability exploits have now surpassed phishing as the leading cause of breaches, with the average patch taking more than 200 days.

A separate study by Michigan State University, Yale, and Johns Hopkins highlighted ransomware as a growing threat. In 2024, ransomware accounted for only 11% of breaches by number but was responsible for 69% of compromised records. This marks a significant rise from zero ransomware incidents in 2010 to 222 attacks in 2021, representing nearly a third of major breaches that year.

The study also revealed that hacking and IT incidents now account for 81% of healthcare breaches, up from just 4% in 2010. Researchers believe the real numbers may be even higher due to underreporting and lack of disclosure on ransom payments.

“Ransomware is now the most disruptive threat to healthcare cybersecurity,” said John Jiang, lead author and professor at Michigan State University. “With limited cybersecurity budgets, healthcare providers must prioritize protection around the most sensitive data. The tools exist — what’s needed is urgency and coordinated action.”

News Source: ITPro.com