Patient data breaches doubled, reaching 87M in 2023
Healthcare companies are increasingly falling victim to sophisticated hacking efforts, insider threats, and basic security flaws despite the highly confidential nature of patient data. As digital health records and connected care continue growing, the healthcare sector struggles to keep pace with modern data protection standards.
According to the data presented by the Atlas VPN team, 87 million patients in the United States had their information breached in 2023. That is more than twice as much as last year when 37 million people had their data exposed.
The data is based on the U.S. Department of Health and Human Services Office for Civil Rights. Health organizations must report any health data breaches that impact 500 or more people to the secretary, which makes them public.
In 2022, over 37 million patients in the U.S. had their personal information exposed by healthcare organizations. However, breaches have skyrocketed this year. Just in the first half of 2023, hackers stole the data of over 41 million people. The third quarter marked an even greater cause for alarm, with 45 million more patients impacted.
Overall, there have already been 480 reported data breaches across the healthcare sector in the first three quarters of 2023 alone. This compares to only 373 total breaches during the entirety of 2022, highlighting the alarming acceleration in attacks. Each new incident further erodes patient trust.
The largest data incident so far was the HCA Healthcare breach, which impacted 11 million people. The second most significant breach happened at Managed Care of North America. The company found that an unauthorized third party accessed certain systems and stole the data of 8.9 million individuals.
This exponential growth highlights the ease with which hackers can access sensitive data. Medical records contain many personal details, making them a prime target. Yet healthcare organizations have not prioritized modern cybersecurity defenses to match the sophistication of criminal efforts.
Most vulnerable states
While healthcare data breaches impact patients nationwide, analysis shows certain states have been affected more than others. Nobody is immune from data incidents, but reviewing breach impacts state-by-state highlights where cybersecurity requires urgent attention.
California tops the list with 43 healthcare organizations afflicted by data breaches so far this year. The state's massive population and concentration of healthcare providers likely make California a prime target.
New York comes in second, with 42 healthcare data breaches reported. As home to one of the biggest cities in the world, New York contains a valuable data trove for hackers.
Texas is third, with 38 healthcare entities experiencing breaches. Other states near the top include Massachusetts and Pennsylvania, with 31 and 30 breaches, respectively. The northeast is home to many top hospitals and research centers, appealing to cyber criminals.
Interestingly, Vermont remains the only state with no reported healthcare breaches in 2023. Vermont's small population and lack of major cities may allow it to fly under the radar of sophisticated hackers looking for maximum reward.
The sensitive nature of medical records makes them highly desirable targets for criminals, thus demanding the strongest security standards. Patients deserve to know their most personal information is safe, and providers must ensure that confidence. Healthcare has to view data protection as being just as critical as patient care.