Healthcare Data Breach Statistics 2023

Updated on: January 10, 2023

The Healthcare sector has been increasingly under scrutiny for implementing, updating, and maintaining its cybersecurity measures in this increasingly risky world. 

With hospitals having experienced the largest number of data breaches continuously for the past 12 years, it is high time to take an in-depth look at the statistics around them.

As the year comes to an end, now is an apt time to reflect on the implications of the data breaches that have been plaguing the healthcare sector. In this article, we analyze the compiled healthcare data breach statistics for 2023.

Top Healthcare Data Breach Statistics 2023

Here are the top healthcare data breach statistics 2023:

  1. 30% of all large data breaches occur in hospitals. 
  2. The National Health Service (NHS) suffered a $100 million loss due to the WannaCry ransomware attack. 
  3. 51% of healthcare organizations reported an increase in data breaches since 2019. 
  4. 36% of healthcare facilities reported an increase in medical complications owing to ransomware attacks. 
  5. Only 4-7% of the health system’s IT budget is invested in cybersecurity. 
  6. 61% of healthcare data breach threats come from negligent employees.
  7. Fortified Health Security’s mid-year report stated that the healthcare sector suffered nearly 337 breaches in the first half of 2022 alone. 
  8. According to the U.S. Department of Health and Human Services, the 337 healthcare incidents reported affected 19,992,810 individuals. 
  9. Hacking accounted for 80% of the healthcare breaches reported by the U.S. HHS, while the remaining 15% was accounted for by unauthorized access.
  10. OneTouchPoint reported a breach in July 2022 that affected nearly 2,651,396 individuals.

Healthcare Data Breach Statistics 2023

This section will take a deep dive into general healthcare data breach statistics, statistics based on the type of incidents as well as statistics of healthcare breaches based on the cost. Lastly, it will also mention detailed statistics of data breaches that rattled the healthcare industry. 

General Healthcare Data Breach Statistics

  • There is a 75.6% chance of a breach of at least 5 million records in the year 2023.
  • Nearly 93% of healthcare organizations have experienced a data breach in the past three years according to Herjavec Group’s 2020 Healthcare Cybersecurity Report and 57 percent have had more than five data breaches during the same timeframe.
  • 27% of cyberattacks during COVID-19 targeted banks or healthcare organizations.
  • 2020 saw a 58% increase in data breaches targeting the healthcare industry.
  • A report from the American Journal of Managed Care revealed that hospitals spend 64% more annually on advertising after a breach. 
  • Medical devices are reported to have 6 vulnerabilities on average, with at least 60% of them being at the end-of-life stage.
  • In the case of healthcare-related cyber insurance claims, the triggering causes were:
      1. Malicious data breach: 18%
      2. Accidental data breach: 29%
      3. Ransomware: 8%
      4. Stolen/Lost devices: 16%
  • A survey conducted revealed that nearly 70% of healthcare organizations saw longer hospital stays and delays in procedures due to ransomware attacks.
  • 67% of healthcare organizations experienced attacks using lookalike domains. 
  • Data breaches in healthcare have gone up by 42% since 2020, and healthcare has had the highest breach costs for the 12th year in a row.
  • Sutter Health, a Northern California healthcare system, was hit by around 87 million cyber threats in 2018.
  • A survey conducted by PwC on the public in Germany revealed that 67% thought hospitals should be forced by law to train their staff on cybersecurity and its proper behavior. 
  • More than 2100 healthcare data breaches have been reported since 2009.
  • 34% of data breaches in healthcare organizations came in the form of authorized access or disclosure. 
  • 6 percent of pediatric hospitals reported data breaches. 
  • At least 18% of teaching hospitals experienced a data breach. 
  • 95% of all identity theft stems from stolen hospital records. 
  • Healthcare statistics by HIPAA revealed that healthcare cybersecurity incidents fell by 8% in February 2022 but still faced 46 incidents affecting 2.5 million people. 
  • The most popular targets among hackers are the healthcare and finance industries, at 15% and 10% respectively.
  • A report released by Singapore-based Cyber Risk Management (CyRiM) states that healthcare will be one of the industries most affected by hackers, having lost over $25 billion in the last two years alone.
  • Data breaches exposed at least 42 million records between March 2021 and February 2022.
  • An estimated US $7 billion has been lost due to stolen PHI in the US healthcare industry annually.
  • The chance of another Anthem-sized breach (80+ million records) within the next three years is 25.7%.
  • At $408 per record, healthcare data breaches are the costliest of any industry.
  • 47% of healthcare data breaches come from hackers or various IT incidents.
  • Up 162% over the past three years, unauthorized access is already a massive issue. Nevertheless, it is still growing at an astounding rate.
  • 66% of organizations consider malicious insider attacks or accidental breaches more likely than external attacks.
  • 39% of healthcare organizations became aware of a breach only months after the initial event.
  • Third-party insiders are also a risk factor: 94% of organizations working with outsourcing companies have given them system access; 72% have advanced permissions.
  • 24% of physicians couldn’t identify the common signs of malware.
  • 2020 saw nearly 240 million hacking attempts with Cerebro accounting for 58% of threats, Sodinokibi at 16%, and VBCrypt at 14%. 
  • Nearly 80 million people were affected by the Anthem Breach.
  • The healthcare industry invests less than 6% of its budget on cybersecurity while the US spends 16% of its federal budget on cybersecurity.
  • Doctors in the “risk” category were at 50%, making them likely to commit a serious data breach.
  • The cybersecurity report by Tenable gave the healthcare industry a 54% grade when it came to cyber assurance. 
  • Healthcare cybersecurity jobs take 70% longer to fill than IT cybersecurity jobs.
  • According to HIPAA, healthcare data breaches in the U.S. have decreased by 48%. 
  • 82% of organizations can’t determine the actual damage from an insider attack according to PwC. 
  • The third quarter of 2022 saw 1 in 42 healthcare organizations targeted by ransomware attacks. 
  • The Healthcare sector saw a 60% increase in attacks from 2021 with an average of 1426 attacks per week. 
  • 90% of healthcare institutions have experienced at least one security breach in the previous few years. 
  • 30% of most data breaches occur in large hospitals with a record of exposing patients’ private health information.
  • Globally known medical bodies like the CDC (US’s Centre For Disease Control) and the UN’s WHO (World Health Organization) were impersonated to carry out a variety of scams during the pandemic. 
  • The U.S. pharma company Pfizer mistakenly leaked private data of the country’s prescription drug users in a data breach caused by unsecured cloud storage.

Data Breach Statistics Based on Type of Incident

The most common causes of data breaches in the healthcare industry are phishing attacks, ransomware attacks, and business email compromise attacks (BEC). 

  1. Phishing
  • 88% of healthcare workers opened phishing emails.
  • Phishing and other forms of cyber attacks have seen a 75% increase in 2021.
  • The HIMSS survey revealed that 36% of non-acute care organization representatives claimed that their organization did not conduct phishing tests.
  • A report analyzed by Health IT revealed that nearly 24% of health employees in the U.S. hadn’t received any cybersecurity awareness training to help identify phishing scams.
  2. Ransomware
  • 74% of ransomware attacks were aimed at hospitals, and 26% at secondary institutions like dental services and nursing homes.
  • It was estimated that ransomware attacks would quadruple from 2017 to 2020 and grow 5x by 2021.
  • 2020 saw nearly 560 healthcare facilities fall victim to ransomware attacks.
  • 8% of healthcare data breach claims were triggered by ransomware attacks.
  3. Business Email Compromise
  • A 2019 survey by HIMSS Cybersecurity revealed that nearly 60% of hospital representatives and healthcare IT professionals said that emails were the most common cause of data compromise.
  • Healthcare email frauds have seen exponential growth at 473%.
  • Healthcare organizations were targeted at an average of 96 email frauds every quarter.
  • 70% of the fraud emails to healthcare institutions were sent during office timings between 7 A.M. and 1 P.M.

Detailed Healthcare Data Breach Statistics

Here are some of the major healthcare data breaches that occurred over 2022. 

1. OneTouchPoint

OneTouchPoint reported a massive data breach that affected over 1,073,316 individuals in mid-July of 2022. 

The breach occurred due to unauthorized access to certain servers that contained information such as names, member IDs, and data from health assessments. 

More than 35 different organizations were affected by the breach including Anthem ACE, Geisinger, Kaiser Permanente, and Humana.  

2. Shields Health Care Group

The Shields healthcare data breach is the largest data breach reported in 2022. Shields Health Care Group, a Massachusetts-based company, detected suspicious network activity on March 28th of 2022.

Further inquiry revealed that a malicious actor gained access to certain Shields systems. It affected major partners like Tufts Medical Center and UMass Memorial MRI.

The data breach affected over 2 million individuals, revealing their social security numbers, diagnoses, billing information, medical records, and PII like addresses, dates of birth, patient IDs, and more.

3. Novant Health

Novant Health reported that a misconfiguration in Meta pixel code potentially led to the unauthorized disclosure of protected health information (PHI) of 1,362,296 individuals. 

Meta, Facebook’s parent company, faces two lawsuits in light of this, since evidence was found that improper configuration of Meta Pixel led to the disclosure of sensitive information to Meta.

Novant Health notified its patients, physicians, and facilities regarding the possibility of information disclosure. However, there was no reported usage of the disclosed information by Meta or any third party.

4. Broward Health

Broward Health based in Florida reported a data breach affecting 1.35 million people on January 2nd of 2022. 

The breach reportedly occurred through access gained via a third-party medical provider.

The health system said the intruders accessed private data including patient names, dates of birth, and Social Security numbers. 

5. Baptist Medical Center

Tenet Healthcare-affiliate Baptist Medical Center suffered a cyberattack on April 24th, 2022 affecting 1.24 million individuals.

An unauthorized party gained access to certain systems that contained personal information and took some data between March 31 and April 24.

The information may have included dates of birth, Social Security numbers, health insurance information, other medical data, and billing and claims information.

6. Farrer Park Hospital

Singapore-based Farrer Park Hospital had a breach that spanned over two years between March 8, 2018, and Oct 25, 2019. The confidential medical information of 2000 individuals was automatically forwarded to a third party. 

The hospital notified the commission about the breach in July 2020 after receiving a complaint in October 2019.

Among the 3,539 past, present or prospective patients whose personal data was leaked, 1,923 people had their medical information disclosed as well.

7. Texas Tech University Health Sciences Center

This science center was hit by a data breach due to a hacking incident that was reported on June 7, 2022. The breach affected over 1,29 million people. 

The breach involved information held by Eye Care Leaders, Inc., a third-party service provider of an electronic medical records system used by Texas Tech’s health sciences center. 

Some of the records included names, birthdates, Social Security numbers, and other medical record data.

8. Anthem

Anthem disclosed in February 2015 that criminal hackers broke into its servers, stealing over 37.5 million records that contained personally identifiable information.

80 million company records were hacked. The compromised information contained names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses, employment information, and income data.

Healthcare Data Breach Cost Statistics

  • Ransomware attacks were estimated to have cost the healthcare industry $25 billion in 2019.
  • Ransomware attacks on healthcare providers in the US have caused a total loss of $157 million since 2016.
  • The total ransomware demand for the period amounted to $16.48 million, of which healthcare providers paid only $640,000.
  • A recent study found that the average cost of a data breach is $4.24 million.
  • The average cost of a healthcare data breach surpassed the general average of $9.23 million per incident.
  • $10.10 million was the average cost of a data breach in the healthcare industry.
  • An average of $9.3 million was the cost of healthcare data breaches per incident in 2021.
  • The average ransom payout in the first quarter of 2022 was $211,259, 34% less than the fourth quarter of 2021.
  • Healthcare data breaches cost an average of $408 per record, which is three times higher than the cross-industry average of $148 per record.
  • The total spending on healthcare will rise to $5.61 billion by 2025 through the integration of blockchain technology.


This article has provided a detailed compilation of healthcare data breach statistics for 2023. It has included relevant statistics revealing the costs of a data breach, specific incidents, and general healthcare cybersecurity statistics that one needs to consider. 

Nivedita James

Nivedita is a technical writer with Astra who has a deep love for knowledge and all things curious in nature. An avid reader at heart, she found her calling writing about SEO, robotics, and currently cybersecurity.
