55+ Healthcare Data Breach Statistics for 2023

The frequency of data breach incidences in the healthcare industry has surged. Scammers, according to data, prefer to target the healthcare industry. Criminals who gain access to patient medical records can obtain personal information such as name, address, social security number, date of birth, etc.

707 healthcare data breach incidents occurred in the United States alone in 2020. A total of 19,992,810 people bore the impact of these violations. Continue reading to learn more about healthcare data breaches and their consequences for the industry.

1. About 93% of healthcare organizations have experienced data breaches in the past three years. 

2. Healthcare email fraud has increased by 473 percent.

3. The US Office of Civil Rights received 145 reports of data breaches from January 2023 to March 2023.

4. 24% of employees in the United States have not received training on cyber security. 

5. 62% of hospital administrators are unprepared and untrained to moderate cyber risks that may take place.

6. The healthcare sector reported 707 data breaches in 2022.

7. Employee negligence accounts for 61% of threats to healthcare data breaches.

Statistics Show Data Breaches in the Healthcare Sector Every Year

8. 25% of attacks in healthcare delivery organizations will involve wireless connections, the Internet of Things, and implanted medical devices.

9. According to HIMSS cyber security survey conducted in 2019, email is the most used form of information compromise.

10. Cybersecurity receives about 3-7% of the health system’s IT budget.

11. Hackers took 51.9 million documents in several data breach incidents.

12. Hospitals spend over 64% annually on advertising after a data breach.

13. In 2023, there is a 75.6% possibility of at least 5 million records being compromised.

14. Northern California healthcare was hit in 2018 by about 87 million cyber threats.

15. Hackers used 95% of the stolen data in identity theft cases.

16. In 2020, there were almost 240 million hacking attempts, with Cerebro at 58%, Sodinokibi at 16%, and VBCrypt at 14%.

17. According to a survey conducted in 2019, about 60% of hospital and healthcare IT professionals report that the primary cause of data compromise is emails.

18. Data Breaches Cost an Average of $9.3 Million Per Incident in Healthcare as of 2023.

19. Over 2100 breaches of healthcare data have been reported since 2009.

20. Identity theft is 25 times more common in healthcare than credit card theft.

21. Unauthorized Access Accounts for 34% of Healthcare Data Breaches.

What Volume of Healthcare Records was Revealed From March 2021 to February 2022?

22. 95% of identity theft is from stolen hospital records. Over 42 million data breaches were revealed between March 2021 and February 2022. Healthcare cyber security fell in February 2022 by 8% but still affected 2.5 million people.

Surprising Healthcare Data Statistics Breaches for 2023

23. Unauthorized Access Accounts for 34% of Healthcare Data Breaches.

Unauthorized access or disclosure is an issue, and it keeps increasing at 162% over the past 3 years.34% of healthcare data breaches reportedly come from unauthorized access, and 18% of teaching hospitals experience a data breach. 

24. 39% of Healthcare Establishments Became Aware of a Data Breach Month After it Occurred.

Detecting data breaches takes months and requires financial resources with the service of professional cyber security analysts to ease damages. A violation with a span of 200 days will cost $4.87 million to the affected company. 

25. 20% of All Data Breaches in 2022 Were in the Healthcare Sector.

Data breaches in the healthcare industry increased significantly in 2022, accounting for 20% of all reported breaches across all businesses.

26. 50% of Doctors are in the Risk Category and are Likely to Commit a Severe Data Breach.

Medical professionals should be educated on proper data security measures. 50% of medical professionals in the risk category imply a high chance of data breach, which cyber security specialists cannot prevent.

27. Healthcare Data Breaches Cost $408 Per Record.

$408 is a significant sum for a healthcare data breach, highlighting the financial burden and potential consequences for affected individuals and the healthcare organization.

28. Banks or Healthcare Organizations Were the Targets of 27% of Cyberattacks During COVID-19.

Targeted data breaches in the healthcare sector increased by 58% in 2020. Healthcare data breaches increased by 42% since 2020, when the cost of a breach peaked for the 12th consecutive year. With an average of 1426 attacks per week, the healthcare industry experienced a 60% rise in attacks from 2021.

Causes of Cyber Insurance Claims on Healthcare

The general reasons people initiate insurance claims are:

• Stolen or lost devices – 16%.
• Ransomware – 8%.
• Malicious data breaches – 18%.
• Accidental data breaches – 29%.

Pediatric and Teaching Hospitals Data Breaches

• Pediatric hospitals reported 6% data breaches.
• Teaching hospitals reported an 18% breach of data.

Statistics of Data Breaches Based on the Type of Incident

29. In the first quarter of 2023, over 6 million data breaches were recorded worldwide. 

30. 88% of healthcare workers open phishing emails.

31. About 24% of healthcare workers lack cyber security training to identify phishing scams. 

32. An average of 96 fraudulent emails are sent by hackers to healthcare establishments every quarter.                 

33. There were 707 publicly revealed data breaches among healthcare organizations in 2022. The health sector accounted for 20% of reported data breaches, making it the most exposed to cyber-attacks.

34. The United States healthcare industry experienced a 25% increase in cyber-attacks during the Covid -19 pandemic

Impact of Ransomware on the Healthcare Sector

35. In 2021, ransomware affected 1,203 sites across the United States, including hospitals. 

36. 34% of healthcare practitioners whose data were encrypted reported paying a ransom.

37. The University of New Jersey 2020 paid $670,000 to prevent 240 GB of stolen files from being leaked.

38. University of Vermont Medical Center lost % 50 million of its revenue due to a ransomware attack.

39. Two-thirds of health organizations had to cancel in-person appointments due to cyber-attack.

40. Authorised access and disclosure accounted for 34% of data breaches in healthcare organizations.

41. The Anthem Breach affected around 80 million people.

Impact of Phishing on Healthcare

Phishing allows hackers to take advantage of overworked medical professionals.

42. 91% of cyber-attacks start with phishing emails.

43. Phishing attacks have increased since the COVID-19 pandemic as the workforce is on the frontline and unable to ascertain when requests are a threat. 88% of healthcare workers have opened phishing emails.

444. Phishing emails were opened by 88% of healthcare professionals.

45. In 2021, phishing and other cyberattacks had increased by 75%.

Business Email Compromise

46. There was a 473% increase in healthcare email fraud attacks in the fourth quarter of 2018. 

47. According to statistics by the FBI, in 2013, there was a loss of $12.5 billion due to email fraud attacks. 

48. An average of 65 employees were victims in the fourth quarter of 2018. 

49. 95% of attacks occurred through healthcare organizations’ trusted domains.

50. Free email platforms such as Gmail and Comcast account for 33% of emails used in attacks.

Comprehensive Statistics of the Healthcare Data Breach

1. One Touch Point

OneTouchPoint reported a data breach affecting 37 healthcare organizations, including Geisinger, Kaiser Permanente, and ACE. The leak impacted 1,073,316 individuals by mid-July 2022. On April 28, OneTouchPoint discovered encrypted files on computer systems and launched an investigation. The affected files included names, member IDs, and health assessment data.

3. Novant Health

Novant Health informed 1.3 million patients on August 17, 2022, that their PHI had been disclosed. It was due to using a Meta pixel code in the patients’ portal.

The discovery of proof of inappropriate Meta pixel arrangement revealed crucial information. The Facebook patent corporation was subject to two lawsuits. Hundreds of hospital websites use meta pixels. It is a Javascript code that enables websites to track users’ activity.

4. Broward Health

A southeast Florida health system operating in over 30 healthcare locations in Broward County revealed a cyber-attack on October 15, 2021, which affected 1,357,879 patients and staff. The hacker gained access to the Broward health network through the office of a third-party medical provider.

5. Baptist Medical Center

Baptist medical center discovered that specific systems within their network may have been affected on April 20, 2022. Investigation revealed that an unauthorized third party accessed specific personal information systems between March 31 and April 24, 2022. This breach of data affected over 1.2 million people.

6. Farrer Park Hospital

Farrer Park, a Singapore base hospital, experienced a breach that lasted for over a year between March 8, 2018, and October 25, 2019. The hospital informed the commission of the violation in July 2020 after a complaint it received in October 2019.

Among the 3,539 past, present and prospective patients whose data was leaked, 1923 people had their medical information revealed. Farrer park hospital was fined $58,000 for a data breach because, on the first occurrence of a data breach in March 2018, the hospital did not implement multi-factor authentication.

7. Texas Tech University Health Science Center

Texas science center reported a data breach on June 7, 2022. This affected over 1 million people. The data breach involved being held by eye care leaders used by Texas tech university health services. Compromised databases and files may have contained the name, address, phone numbers, driver’s license, email, gender, date of birth, health insurance information social security number.

8. Anthem

On February 4, 2015, anthem Inc. revealed hackers accessed their servers and stole 37.5 million personal information records. Federal regulators investigated the Anthem data breach, which resulted in a $16 million settlement between Anthem and the Department of Health and human services. The settlement was the largest HHS data breach settlement.

Cost Statistics of the Healthcare Data Breach

51. The average cost of a breach in healthcare data is about $11 million in 2023; this represents an 8% rise from 2022.

52. In 2022, the average healthcare data breach cost was $10.10 million.

53. About 5 % of the IT budget in the health system is on cyber security.

54. About $7 billion has been lost in the United States due to stolen PHI.

55. Email fraud in the healthcare industry has increased exponentially by 473%.

56. Ransomware attacks were the cause of 8% of claims for healthcare data breaches.

Conclusion

As indicated by a 53.35% increase in healthcare data breaches since 2020, the healthcare industry is seeing a significant surge in cybercrime. Patients and the medical system are at risk from this trend. Governments and organizations must take solid action. Having adequate security measures in place is crucial. Only a combined effort can protect patient data and prevent unauthorized use that harms individuals financially. Addressing cybersecurity vulnerabilities in healthcare is critical to maintaining patient trust and medical system integrity.

FAQs

References

• OneTouchPoint disclose a recent data breach impacting more than 30 healthcare providers and health insurance companies.
• The 2020 Healthcare Cybersecurity Report
• The real cybersecurity risk sits between the chair and the keyboard
• Top healthcare data breach statistics of 2023
• 90+ Terrifyingly True Cybercrime Statistics
• REPORT REVEALS 473% INCREASE IN HEALTHCARE EMAIL FRAUD ATTACKS IN 2 YEARS
• Average Ransom Payment Dropped by 34% in Q1, 2022
• Ransomware attacks on US healthcare organizations cost $7.8bn in 2021
• Healthcare Data Breach Statistics
• The average cost of healthcare data breach reaches $11M, report finds
• Anthem medical data breach
• 1.3 million patients possibly affected by TTUHSC security breach
• Farrer Park Hospital was fined S$58,000 over a data breach involving the medical information of 2,000 people
• Malware Breach Affects 1.2 Million Medical Center Patients
• How Ransomware and Phishing Impact the Healthcare Sector
• 25+ Alarming Healthcare Data Breaches Statistics 2023 [& The Largest Healthcare Data Breaches]
• Healthcare – A Prime Target for Data Breaches
• Hackers hit the Broward Health network, potentially exposing data on 1.3M patients and staff.
• Novant Health Notifies 1.3M Patients of Unauthorized PHI Disclosure Caused By Meta Pixel
• Notice of Data Security Incident
• Geisinger, Kaiser Permanente, 35 Others Impacted By Third-Party Vendor Data Breach
• 80+ Healthcare Data Breach Statistics 2023