The healthcare data breach epidemic of 2024

In 2024, cyberattacks on healthcare organizations reached record levels, exposing millions of patient records and disrupting medical services. These breaches weren’t just compliance failures—they put patient safety at risk. Ransomware, phishing, and targeted attacks showed that healthcare remains a prime target, and current defenses aren’t enough.

Here’s what happened, what it cost, and what needs to change.

The scope of healthcare data breaches

Between January and September 2024, healthcare organizations in the United States reported 491 large-scale data breaches, each affecting more than 500 records. The total reflects a decline from the 745 breaches reported in 2023, though incidents remain widespread.

A February 2024 cyberattack on UnitedHealth Group's subsidiary, Change Healthcare, exposed the personal information of approximately 190 million individuals. Attributed to the ALPHV (BlackCat) hacking group, the breach stands as the largest healthcare data breach in U.S. history. Attackers exploited vulnerabilities in network servers and email accounts, causing widespread disruptions in claims processing nationwide.

Findings for 2024:

• Hacking and IT Incidents: Accounted for a majority of breaches, with ransomware and phishing attacks being the most common entry points.
• Geographic Impact: California recorded the highest number of breaches, while Utah experienced the largest single attack, affecting 4.3 million individuals.
• Trends: While the overall number of breaches slightly declined from 2023, their scale and financial impact increased, putting greater pressure on healthcare providers.

The cost of a breach

Healthcare data breaches come with steep financial consequences, far beyond the immediate costs of system recovery. Ransomware attacks, legal battles, operational downtime, and reputational harm all contribute to the long-term financial strain on affected organizations.

For example, UnitedHealth’s Change Healthcare breach resulted in an estimated business disruption cost of $705 million in 2024, covering ransom payments, legal settlements, and service interruptions. The total financial impact across the industry is expected to surpass $10 billion, as healthcare providers struggle to recover from major cyber incidents.

Immediate costs:

• Ransom payments: Cybercriminals may demand millions in cryptocurrency to restore access to encrypted data.
• Forensic investigations and recovery efforts: Organizations must conduct extensive audits, rebuild IT infrastructure, and patch security vulnerabilities.
• Regulatory fines: Non-compliance with healthcare data protection laws can lead to substantial penalties.

Long-term costs:

• Reputational damage: Patients may lose trust in affected providers, leading to a decline in patient retention.
• Operational disruptions: Downtime caused by data recovery efforts impacts healthcare services and delays patient care.
• Rising insurance premiums: Cyber insurance costs increase for organizations that have suffered major breaches.

Read also: Study shows the cost of data breaches at an all-time high 

The impact on patient privacy

Beyond financial losses, data breaches pose a serious risk to patient privacy. Cybercriminals often target personally identifiable information (PII) and protected health information (PHI), which can be exploited for identity theft and fraud.

Data commonly exposed:

• Personal identifiers: Names, Social Security numbers, birthdates.
• Medical records: Diagnoses, prescriptions, lab results.
• Financial information: Credit card details, billing records.
• Insurance data: Policy numbers, provider details.

Consequences for patients:

• Identity theft: Stolen personal information can be used to commit fraud or open unauthorized accounts.
• Medical identity theft: Attackers may file fraudulent insurance claims under a patient’s name.
• Emotional distress: Patients lose confidence in their healthcare providers, fearing future misuse of their sensitive data.

Read more: Healthcare data breaches: Insights and implications

Strengthening defenses against breaches

Enhancing security measures

• Multi-factor authentication (MFA): Ensures that only authorized personnel can access sensitive systems.
• Regular security updates: Patching vulnerabilities prevent attackers from exploiting outdated software.
• Data encryption: Encrypting data at rest and in transit minimizes exposure in case of a breach.

Improving device security

• Audits and inventory checks: Monitoring connected devices helps prevent unauthorized access.
• Secure decommissioning: Proper disposal of outdated equipment ensures that residual data is not accessible to attackers.

Strengthening workforce awareness

• Phishing awareness training: Employees should be trained to recognize fraudulent emails and social engineering attempts.
• Simulated cyberattacks: Running mock attack drills can help organizations gauge their security readiness.

Dark web monitoring

• Automated alerts: Organizations should track when stolen data appears on underground markets.
• Threat intelligence integration: Using real-time cybersecurity insights helps detect and address vulnerabilities.

Related: Preventing cyberattacks in your organization 

FAQs

What are the most common causes of healthcare data breaches?

The majority of healthcare data breaches stem from hacking, phishing attacks, ransomware, and insider threats. Attackers often exploit unpatched vulnerabilities in network servers, weak passwords, and misconfigured cloud storage.

How can patients protect their medical information after a breach?

Patients affected by a breach should monitor their credit reports, place fraud alerts on their accounts, and watch for suspicious medical bills or insurance claims. Signing up for identity protection services can also help mitigate potential fraud.

What steps should healthcare organizations take after a data breach?

Organizations should immediately contain the breach, assess the damage, notify affected individuals and regulatory authorities, and conduct a forensic investigation. Strengthening cybersecurity post-breach is necessary to prevent future incidents.