Healthcare data breaches are on the rise as companies increasingly use digital services to store sensitive patient material.
In healthcare, cyberattacks have outpaced other industries as criminals seize the opportunity to exploit system vulnerabilities in pursuit of a trove of private medical information. Over the past five years, hacking incidents have skyrocketed, according to federal records. The records also say that, from 2010 to 2022, data breaches exposed 385 million patient records.
Hospitals can face ransoms and disruptions in operations, which can harm patient care. Cyberattacks have affected major chains like HCA Healthcare and CommonSpirit Health. An attack targeting Prospect Medical Holdings cut access to key computer systems for weeks, forcing some hospitals to temporarily suspend patient services.
Health insurers, providers, clearinghouses and business associates are required to notify the HHS Office for Civil Rights within 60 days when breaches affect the health information of more than 500 people.
Healthcare Dive has developed a tracker to catalog healthcare breaches reported to the agency. The tracker includes large-scale breaches that impact 352,447 or more records — the 95th percentile of incidents based on figures from the HHS Office for Civil Rights over the last four quarters in 2023. Readers can sort by breach type, size of incident and entity type.
The tracker will be updated as organizations report data breaches and modify entries. As always, sign up for the Healthcare Dive newsletter to read the latest stories examining cybersecurity in the industry.
Jasmine Ye Han, a data journalist, and Greg Linch, the data and visuals director, contributed to this story.