Report: A quarter of Americans’ healthcare records have been breached

A new report revealed one-quarter of Americans’ healthcare data has been breached since 2020, among other trends. 

What happened

Data protection company Incogni recently completed a report analyzing medical data breaches. The company reviewed information from the Department of Health and Human Services and analyzed all resolved data breaches between January 2020 and March 2024. 

They discovered that since 2020, there have been 2,213 breaches impacting approximately 152.1 million individuals–nearly half of America’s population. 

Nearly a third of Americans may have also had their Social Security number stolen. Lastly, it was revealed that approximately one-quarter of Americans have had their treatment information stolen or breached.

Notably, many breaches are still under investigation, including the massive Change Healthcare data breach. On top of this, many organizations avoid reporting breaches, fearing financial or legal ramifications. Unfortunately, true numbers are likely even higher than what the report reveals.  

Going deeper

The report found that not all breaches are the same. Even though ransomware attacks were responsible for less than a third of all healthcare breaches, they made up 4 of the top 10 largest attacks. 

Incogni believes that ransomware attacks will likely increase. Since 2020, there have been 607 recorded attacks impacting approximately 58.8 healthcare profiles.

Researchers also determined what data was likely to be exposed in a given attack. Names were most likely to be exposed (it’s estimated that 85.31% of the population have had their names exposed), followed by addresses, Social Security information, and birth dates. Less commonly exposed information included financial information, photographs, demographic information, and ethnicity. 

Out of the 2213 breaches included in the report, researchers found that: 

• 71% of breaches began with healthcare providers
• 15.9% of breaches began with business associates
• And 12.9% of breaches began with health plans

Finally, the report determined that hacking and IT incidents were the most common reasons for a breach. The most common breach source was through network services, but breaches also frequently occurred through email (approximately 15.4%). 

The big picture

Considering the number of breaches Paubox covers, the results aren’t surprising, but they are still alarming. While breaches are impacting a significant number of Americans, what can become more concerning is when an individual is victimized multiple times, resulting in more data stolen which can increase the likelihood of identity theft. 

Every breach matters–not just to patients, but to hospitals, business associates, and health plans. Breaches can have costly consequences, hurting healthcare organizations' reputations and leading to lawsuits, penalties, and more. Yet with the right technology, breaches can be prevented and quickly mitigated if they do take place. 

Related: HIPAA Compliance: The Definitive Guide