{"id":23842,"date":"2022-12-06T20:55:01","date_gmt":"2022-12-06T15:25:01","guid":{"rendered":"https:\/\/www.getastra.com\/blog\/?p=23842"},"modified":"2026-05-21T19:04:17","modified_gmt":"2026-05-21T13:34:17","slug":"healthcare-data-breach-statistics","status":"publish","type":"post","link":"https:\/\/www.getastra.com\/blog\/security-audit\/healthcare-data-breach-statistics\/","title":{"rendered":"80+ Healthcare Data Breach Statistics 2026"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Statistics for data breaches in healthcare reveal that <strong>30%<\/strong> of all large data breaches occur in hospitals. <strong>51% <\/strong>of healthcare organizations reported an increase in data breaches since 2019.&nbsp; The first half of 2022 saw <strong>337 breaches which affected 19,992,810 individuals.<\/strong>&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">With hospitals now experiencing the largest number of data breaches continuously for the past 12 years, it is high time to take an in-depth look into the statistics revolving around it. 
In this article, we aim to analyze and study the compiled healthcare data breach statistics 2026.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Top_Healthcare_Data_Breach_Statistics_2026\"><\/span><strong>Top Healthcare Data Breach Statistics 202<\/strong>6<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Here are the top healthcare data breach statistics 2023-2026:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>According to HIPAA, healthcare data breaches in the U.S. 
have decreased by 48%.&nbsp;<\/li>\n\n\n\n<li><strong>36%<\/strong> of healthcare facilities reported an increase in medical complications owing to ransomware attacks.&nbsp;<\/li>\n\n\n\n<li>Only <strong>4-7%<\/strong> of the health system\u2019s IT budget is invested in cybersecurity.&nbsp;<\/li>\n\n\n\n<li><strong>61%<\/strong> of healthcare data breach threats come from negligent employees.<\/li>\n\n\n\n<li>Fortified Health Security\u2019s mid-year report stated that the healthcare sector suffered nearly <strong>337 breaches in the first half alone.&nbsp;<\/strong><\/li>\n\n\n\n<li>According to the U.S. Department of Health and Human Services, the 337 healthcare incidents <strong>reported affected <\/strong><a href=\"https:\/\/blog.protenus.com\/2022-healthcare-data-breach-trends\" target=\"_blank\" rel=\"noopener\"><strong>19,992,810 individuals<\/strong><\/a><strong>.<\/strong>&nbsp;<\/li>\n\n\n\n<li><strong>80% <\/strong>of the reported healthcare breaches by U.S. HSS were accounted for by hacking while the remaining<strong> 15% <\/strong>was accounted for by unauthorized access.&nbsp;<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Is_Your_Pentester_Keeping_Up_with_Attack_AI\"><\/span>Is Your Pentester Keeping Up with Attack AI?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>5.33 vulnerabilities per minute.<\/strong> That\u2019s what Astra found across thousands of tests in 2025, including in healthcare systems where data sensitivity is highest.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The report shows that <strong>web apps alone accounted for 96% of all discovered issues<\/strong>, and most weren\u2019t high-profile zero-days but basic misconfigurations, missing headers, and exposed personally identifiable information (PII).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The <em>State of Continuous Pentesting 2025<\/em> reveals what security debt really looks like in 
regulated industries:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Manual pentests uncovered <strong>1997% more unique issues<\/strong> than scanners<\/li>\n\n\n\n<li><strong>$2.88B in potential losses prevented<\/strong>, including critical patient data exposures<\/li>\n\n\n\n<li>Common flaws like OTP leakage, SQLi, and weak access controls still top the charts<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Compliance doesn\u2019t equal security. The risks are more layered (and more preventable) than you think.<\/p>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Healthcare_Data_Breach_Statistics_%E2%80%93_2026\"><\/span><strong>Healthcare Data Breach Statistics &#8211; 2026<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This section will take a deep dive into general statistics for a data breach in healthcare, statistics based on the type of incidents as well as statistics of healthcare breaches based on the cost. Lastly, it will also mention detailed statistics of data breaches that rattled the healthcare industry.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Healthcare Data Breach Statistics By Year<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1080\" height=\"1080\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2022\/12\/Statistics-Template-12.png\" alt=\"\" class=\"wp-image-23956\" style=\"width:446px;height:446px\"\/><\/figure>\n<\/div>\n\n\n<ul class=\"wp-block-list\">\n<li>There was a 75.6% chance of a breach of at least 5 million records in the year 2023.<\/li>\n\n\n\n<li>The third<a href=\"https:\/\/blog.checkpoint.com\/2022\/10\/26\/third-quarter-of-2022-reveals-increase-in-cyberattacks\/\" target=\"_blank\" rel=\"noopener\"> quarter of 2022<\/a> saw 1 in 42 healthcare organizations targeted by ransomware attacks.&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/www.thetechoutlook.com\/news\/technology\/security\/onetouchpoint-disclose-a-recent-data-breach-impacting-more-than-30-healthcare-providers-and-health-insurance-companies\/\" target=\"_blank\" 
rel=\"noopener\">OneTouchPoint<\/a> reported a breach in July 2022 that affected nearly <strong>2,651,396 individuals<\/strong>.<\/li>\n\n\n\n<li>Nearly 93% of healthcare organizations have experienced a data breach in the past three years according to Herjavec Group\u2019s <a href=\"https:\/\/www.herjavecgroup.com\/wp-content\/uploads\/2019\/12\/Healthcare-Cybersecurity-Report-2020.pdf\" target=\"_blank\" rel=\"noopener\">2020 Healthcare Cybersecurity Report<\/a> and 57 percent have had more than five data breaches during the same timeframe.&nbsp;<\/li>\n\n\n\n<li>2020 saw nearly 240 million hacking attempts with Cerebro accounting for 58% of threats, Sodinokibi at 16%, and VBCrypt at 14%.&nbsp;<\/li>\n\n\n\n<li>A report from the American Journal of Managed Care revealed that hospitals spend 64% more annually on advertising after a breach.&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/www.theverge.com\/2019\/4\/4\/18293817\/cybersecurity-hospitals-health-care-scan-simulation\" target=\"_blank\" rel=\"noopener\">Sutter Health,<\/a> a Northern California healthcare system was hit by around 87 million cyber threats in 2018.&nbsp;<\/li>\n\n\n\n<li>More than 2100 healthcare data breaches have been reported since 2009.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">How many healthcare records were exposed between March 2021 and February 2022?<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">95% of all identity theft stems from stolen hospital records. Data breaches exposed at least 42 million records between March 2021 and February 2022. 
<a href=\"https:\/\/www.hipaajournal.com\/healthcare-data-breach-statistics\/\" target=\"_blank\" rel=\"noopener\">Healthcare statistics by HIPAA<\/a> revealed that healthcare cybersecurity incidents fell by 8% in February 2022, but the sector still faced 46 incidents affecting 2.5 million people.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Increase in data breaches in the healthcare industry between 2019 and 2021<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.fintechnews.org\/the-2020-cybersecurity-stats-you-need-to-know\/\" target=\"_blank\" rel=\"noopener\">27% of cyberattacks<\/a> during COVID-19 targeted banks or healthcare organizations. 2020 saw a 58% increase in data breaches targeting the healthcare industry. Data breaches in healthcare have gone up by 42% since 2020, and the sector has had the highest breach costs for the 12th year in a row. The healthcare sector saw a 60% increase in attacks from 2021, with an average of 1426 attacks per week.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">General Stats for Security Breaches in Healthcare&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1080\" height=\"1080\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2022\/12\/Statistics-Template-10.png\" alt=\"\" class=\"wp-image-23953\" style=\"width:446px;height:446px\"\/><\/figure>\n<\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.hipaajournal.com\/healthcare-email-fraud-attacks-have-increased-473-in-2-years\/\" target=\"_blank\" rel=\"noopener\">67% of healthcare<\/a> organizations experienced attacks using lookalike domains.&nbsp;<\/li>\n\n\n\n<li>34% of data breaches in healthcare organizations came in the form of authorized access or disclosure.&nbsp;<\/li>\n\n\n\n<li>The chance of another Anthem-sized breach (80+ million records) within the next three years is 25.7%.<\/li>\n\n\n\n<li>The 
report released by Singapore-based Cyber Risk Management (CyRiM) predicts that healthcare will be one of the industries most affected by hackers, having lost over $25 billion in the last two years alone.<\/li>\n\n\n\n<li>Nearly 80 million people were affected by the Anthem breach.<\/li>\n\n\n\n<li>Globally known medical bodies like the CDC (US\u2019s Centre For Disease Control) and the UN\u2019s WHO (World Health Organization) were impersonated to carry out a variety of scams during the pandemic.&nbsp;<\/li>\n\n\n\n<li>The U.S. pharma company <a href=\"https:\/\/www.thehindu.com\/sci-tech\/technology\/us-pharma-giant-suffers-data-breach-exposes-private-data-of-drug-users\/article32918868.ece\" target=\"_blank\" rel=\"noopener\">Pfizer<\/a> mistakenly leaked private data of the country\u2019s prescription drug users in a data breach caused by unsecured cloud storage.<\/li>\n\n\n\n<li>The <a href=\"https:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC5461132\/\" target=\"_blank\" rel=\"noopener\"><strong>National Health Service<\/strong><\/a><strong> (NHS) suffered a $100 million loss<\/strong> due to the WannaCry ransomware attack.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">90% of healthcare organizations face at least 1 security breach, with 30% of them occurring in large hospitals.<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">90% of healthcare institutions have experienced at least one security breach in the previous few years. 30% of most data breaches occur in large hospitals with a record of exposing patients\u2019 private health information.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Ransomware and device vulnerabilities resulting in longer hospital stays<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Medical devices are on average reported to have 6 vulnerabilities at least 60% of them being at the end-of-life stage. 
<a href=\"https:\/\/www.herjavecgroup.com\/wp-content\/uploads\/2021\/10\/2021-Healthcare-Cybersecurity-Report.pdf\" target=\"_blank\" rel=\"noopener\">A survey conducted<\/a> revealed that nearly 70% of healthcare organizations saw longer hospital stays and delays in procedures due to ransomware attacks.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Triggering causes for healthcare-related cyber insurance claims<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">In the case of healthcare-related cyber insurance claims, the triggering causes were:&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Malicious data breach: 18%<\/li>\n\n\n\n<li>Accidental data breach: 29%<\/li>\n\n\n\n<li>Ransomware: 8%<\/li>\n\n\n\n<li>Stolen\/Lost devices: 16%<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\">Data breaches in teaching and pediatric hospitals<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">6 percent of pediatric hospitals reported data breaches. At least 18% of teaching hospitals experienced a data breach. Thus, the healthcare and finance industries remain the most popular targets, at 15% and 10% respectively.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">47% of healthcare data breaches stem from IT incidents through malicious or third-party insiders with advanced permissions<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">47% of healthcare data breaches come from hackers or various IT incidents. 66% of organizations consider malicious insider attacks or accidental breaches more likely than external attacks. Third-party insiders are also a risk factor, with 94% of organizations working with outsourcing companies having given them system access. 72% have advanced permissions.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Doctors prone to committing serious data breaches by 50%, 24% can\u2019t identify signs of malware<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Doctors in the \u201crisk\u201d category were at 50%, making them likely to commit a serious data breach. 
24% of physicians couldn\u2019t identify the common signs of malware. Up 162% over the past three years, unauthorized access is already a massive issue, and it is still growing at an astounding rate.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">The healthcare industry gets 54% for cyber assurance, breaches are identified months later by 39% of organizations.<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">For 39% of healthcare organizations, awareness of a breach came months after the initial event. The cybersecurity report by Tenable gave the healthcare industry a 54% grade when it came to cyber assurance.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Healthcare invests less than 6% in cybersecurity, healthcare cybersecurity jobs take 70% longer to fill than IT jobs.&nbsp;<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">The healthcare industry invests less than 6% of its budget in cybersecurity, while the US spends 16% of its federal budget on cybersecurity. Healthcare cybersecurity jobs take 70% longer to fill than IT cybersecurity jobs.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">67% of the public thinks hospitals should be mandated by law to train staff on proper cybersecurity behavior<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">82% of organizations can\u2019t determine the actual damage from an insider attack according to PwC. 
A survey conducted by<a href=\"https:\/\/www.healthcareitnews.com\/news\/europe\/risk-between-chair-and-keyboard\" target=\"_blank\" rel=\"noopener\"> PwC on the public<\/a> in Germany revealed that 67% thought hospitals should be forced by law to train their staff on cybersecurity and its proper behavior.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">38 million records were exposed online with contact tracing information<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">The exposed data was stored in <a href=\"https:\/\/www.wired.com\/story\/microsoft-power-apps-data-exposed\/\" target=\"_blank\" rel=\"noopener\">Microsoft\u2019s Power Apps portal service<\/a>. The mistakenly exposed data contained employee databases, vaccination sign-ups, and statuses, as well as people\u2019s addresses and phone numbers.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Data_Breach_Statistics_Based_on_Type_of_Incident\"><\/span>Data Breach Statistics Based on Type of Incident<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The most common causes of data breaches in the healthcare industry are phishing attacks, ransomware attacks, and business email compromise attacks (BEC).&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Phishing<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1080\" height=\"1080\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2022\/12\/Statistics-Template-11.png\" alt=\"healthcare phishing statistics\" class=\"wp-image-23955\" style=\"width:446px;height:446px\"\/><\/figure>\n<\/div>\n\n\n<ul class=\"wp-block-list\">\n<li>88% of healthcare workers opened phishing emails.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/phishing-attack-statistics\/\">Phishing<\/a> and other forms of cyber attacks have 
seen a 75% increase in 2021.<\/li>\n\n\n\n<li>The HIMSS survey revealed that 36% of non-acute care organization representatives claimed that their organization did not conduct phishing tests.<\/li>\n\n\n\n<li>A report analyzed by Health IT revealed that nearly 24% of health employees in the U.S. hadn\u2019t received any cybersecurity awareness training to help identify phishing scams.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Ransomware<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>&nbsp;74% of ransomware attacks were aimed at hospitals, and 26% at secondary institutions like dental services and nursing homes.&nbsp;<\/li>\n\n\n\n<li>It was estimated that ransomware attacks would quadruple from 2017 to 2020 and grow 5x by 2021.&nbsp;<\/li>\n\n\n\n<li>2020 saw nearly 560 healthcare facilities fall victim to ransomware attacks.&nbsp;<\/li>\n\n\n\n<li>8% of healthcare data breach claims were triggered by ransomware attacks.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Business Email Compromise<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A 2019 survey by <a href=\"https:\/\/www.healthcareitnews.com\/news\/europe\/risk-between-chair-and-keyboard\" target=\"_blank\" rel=\"noopener\">HIMSS Cybersecurity<\/a> revealed that nearly 60% of hospital representatives and healthcare IT professionals said that emails were the most common cause of data compromise.&nbsp;<\/li>\n\n\n\n<li>Healthcare email frauds have seen exponential growth at 473%.&nbsp;<\/li>\n\n\n\n<li>Healthcare organizations were targeted at an average of 96 email frauds every quarter.&nbsp;<\/li>\n\n\n\n<li>70% of the fraud emails to healthcare institutions were sent during office timings between 7 A.M. 
and 1 P.M.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Detailed_Healthcare_Data_Breach_Statistics\"><\/span>Detailed Healthcare Data Breach Statistics<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Here are some of the major healthcare data breaches that have occurred to date:&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>1. OneTouchPoint<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">OneTouchPoint reported a massive data breach that affected over 1,073,316 individuals in mid-July of 2022.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The breach occurred due to unauthorized access to certain servers that contained information such as names, member IDs, and data from health assessments.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">More than 35 different organizations were affected by the breach, including <a href=\"https:\/\/healthitsecurity.com\/news\/geisinger-kaiser-permanente-35-others-impacted-by-third-party-vendor-data-breach\" target=\"_blank\" rel=\"noopener\">Anthem ACE, Geisinger, Kaiser<\/a> Permanente, and Humana.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>2. Shields Health Care Group<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The Shields healthcare data breach is the largest data breach reported in 2022. Shields Health Care Group, a Massachusetts-based company, detected suspicious network activity on March 28th of 2022.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Further inquiry revealed that a malicious actor gained access to certain Shields systems. 
It affected major partners like Tufts Medical Center and UMass Memorial MRI.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The data breach affected over 2 million individuals, revealing their Social Security numbers, diagnoses, billing information, medical records, and PII like addresses, dates of birth, patient IDs, and more.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>3. Novant Health<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/healthitsecurity.com\/news\/novant-health-notifies-patients-of-unauthorized-phi-disclosure-caused-by-meta-pixel\" target=\"_blank\" rel=\"noopener\">Novant Health reported<\/a> that a misconfiguration in Meta Pixel code potentially led to the unauthorized disclosure of protected health information (PHI) of 1,362,296 individuals.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Meta, Facebook\u2019s parent company, faces two lawsuits in light of this, since evidence was found that improper configuration of Meta Pixel led to the disclosure of sensitive information to Meta.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Novant Health notified its patients, physicians, and facilities regarding the possibility of information disclosure. However, there was no reported usage of the disclosed information by Meta or any third party.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>4. 
Broward Health<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/browardhealth.org\/pages\/data-incident\" target=\"_blank\" rel=\"noopener\">Broward Health<\/a> based in Florida reported a data breach affecting 1.35 million people on January 2nd of 2022.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It was reported that the breach occurred through gaining access from a third-party medical provider.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The health system said the intruders accessed private data including patient names, dates of birth, and Social Security numbers.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>5. Baptist Medical Center<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Tenet Healthcare-affiliate <a href=\"https:\/\/response.idx.us\/additional-information\/\" target=\"_blank\" rel=\"noopener\">Baptist Medical Center<\/a> suffered a cyberattack on April 24th, 2022 affecting 1.24 million individuals.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">An unauthorized party gained access to certain systems that contained personal information and took some data between March 31 and April 24.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The information may have included dates of birth, Social Security numbers, health insurance information, other medical data, and billing and claims information.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>6. Farrer Park Hospital<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Singapore-based <a href=\"https:\/\/www.channelnewsasia.com\/singapore\/farrer-park-hospital-data-breach-pdpc-medical-information-3089466\" target=\"_blank\" rel=\"noopener\">Farrer Park Hospital<\/a> had a breach that spanned over two years between March 8, 2018, and Oct 25, 2019. 
The confidential medical information of 2000 individuals was automatically forwarded to a third party.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The hospital notified the commission about the breach in July 2020 after receiving a complaint in October 2019.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Among the 3,539 past, present or prospective patients whose personal data was leaked, 1,923 people had their medical information disclosed as well.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>7. Texas Tech University Health Sciences Center<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This <a href=\"https:\/\/www.fox34.com\/2022\/06\/17\/ttuhsc-patients-notified-third-party-data-security-breach\/\" target=\"_blank\" rel=\"noopener\">science center<\/a> was hit by a data breach due to a hacking incident that was reported on June 7, 2022. The breach affected over 1,29 million people.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The breach involved information held by Eye Care Leaders, Inc., a third-party service provider of an electronic medical records system used by Texas Tech\u2019s health sciences center.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Some of the records included names, birthdates, Social Security numbers, and other medical record data.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>8. Anthem<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Anthem_medical_data_breach#:~:text=On%20February%204%2C%202015%2C%20Anthem,identifiable%20information%20from%20its%20servers\" target=\"_blank\" rel=\"noopener\">Anthem disclosed<\/a> in February 2015 that criminal hackers had broken into its servers, stealing over 37.5 million records that contained personally identifiable information.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">80 million company records were hacked. 
The compromised information contained names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses, employment information, and income data.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Healthcare_Data_Breach_Cost_Statistics\"><\/span><strong>Healthcare Data Breach Cost Statistics<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1080\" height=\"1080\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2022\/12\/Statistics-Template-13.png\" alt=\"\" class=\"wp-image-23957\" style=\"width:446px;height:446px\"\/><\/figure>\n<\/div>\n\n\n<ul class=\"wp-block-list\">\n<li>A recent study found that the average cost of a data breach is $4.24 million.<\/li>\n\n\n\n<li>Healthcare data breaches cost an average of $408 per record, which is three times higher than the cross-industry average of $148 per record.<\/li>\n\n\n\n<li>The total spending on healthcare will rise to $5.61 billion by 2025 through the integration of blockchain technology.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Ransomware cost to the healthcare industry since 2016<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Ransomware attacks on healthcare providers in the US have caused a total loss of $157 million since 2016. Ransomware attacks were estimated to have cost the healthcare industry $25 billion in 2019.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">What is the average cost of healthcare data breaches?<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">$10.10 million was the average cost of a data breach in the healthcare industry.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The average cost of a healthcare data breach surpassed the general average of $9.23 million per incident. 
An average of $9.3 million was the cost of healthcare data breaches per incident in 2021.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Ransom payout in Q1 of 2022 was 34% less than in the fourth quarter of 2021<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Total ransomware demands for the period amounted to $16.48 million, of which healthcare providers paid only $640,000. The average ransom payout in the first quarter of 2022 was $211,259, 34% less than in the fourth quarter of 2021.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">$7 billion is lost annually due to stolen PHI in the U.S.A.<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">An estimated US $7 billion is lost annually to stolen PHI in the US healthcare industry. At $408 per record, healthcare data breaches are the costliest of any industry.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span><strong>Conclusion<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This article has provided a detailed compilation of healthcare data breach statistics for 2026. 
It has included relevant statistics revealing the costs of a data breach, specific incidents, and general healthcare cybersecurity statistics that one needs to consider.<\/p>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1680620556713\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">Why are there so many more data breaches in the healthcare sector than in other sectors?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>The healthcare sector stores an abundance of health, medication, and personal data, making it an ideal target for malicious attacks.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1680621174194\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">How can healthcare organizations mitigate data breaches?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Healthcare organizations can mitigate data breaches by conducting regular risk assessments, upgrading cybersecurity measures whenever possible, and ensuring stringent compliance with regulatory standards like HIPAA and GDPR. Beyond infrastructure security, healthcare organizations running digital advertising campaigns must also consider privacy risks associated with third-party tracking technologies. 
This includes complying with <a href=\"https:\/\/www.customerlabs.com\/blog\/meta-data-sharing-restrictions-what-it-means-for-health-brands\" target=\"_blank\" data-type=\"link\" data-id=\"https:\/\/www.customerlabs.com\/blog\/meta-data-sharing-restrictions-what-it-means-for-health-brands\" rel=\"noreferrer noopener\">Meta data sharing restrictions<\/a>, which regulate how patient-adjacent behavioral data collected through pixels and conversion events can be shared with Meta\u2019s advertising systems.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1680621201074\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">How does the number of data breaches in the healthcare sector compare with other sectors?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Statistics show that <strong>30%<\/strong> of all large data breaches occur in hospitals when compared to other industries.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Statistics for data breaches in healthcare reveal that 30% of all large data breaches occur in hospitals. 
51% of healthcare organizations reported an increase in data breaches since 2019.&nbsp; The first half of 2022 saw 337 breaches which affected 19,992,810 individuals.&nbsp; With hospitals now experiencing the largest number of data breaches continuously for the past &#8230; <a title=\"80+ Healthcare Data Breach Statistics 2026\" class=\"read-more\" href=\"https:\/\/www.getastra.com\/blog\/security-audit\/healthcare-data-breach-statistics\/\" aria-label=\"Read more about 80+ Healthcare Data Breach Statistics 2026\">Read more<\/a><\/p>\n","protected":false},"author":106,"featured_media":23845,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[340,695],"tags":[],"class_list":["post-23842","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-audit","category-statistics"],"_links":{"self":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/23842","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/users\/106"}],"replies":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/comments?post=23842"}],"version-history":[{"count":10,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/23842\/revisions"}],"predecessor-version":[{"id":47038,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/23842\/revisions\/47038"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media\/23845"}],"wp:attachment":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media?parent=23842"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/categories?po
st=23842"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/tags?post=23842"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}