RSI Security

Main Causes of Security Breaches in the Healthcare Industry

Healthcare Security Breaches

Over the past decade, the healthcare industry has undergone a major shift from paper records to electronic health records (EHRs). In 2008, fewer than half of healthcare organizations used EHR systems. Today, thanks to the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), digital records are now the standard across hospitals, clinics, and physician offices. While EHR adoption has modernized healthcare operations and improved patient care, it has also introduced new cybersecurity risks. As healthcare organizations store increasing amounts of sensitive patient information online, the risk of healthcare security breaches has grown significantly.

Since the HITECH Act strengthened penalties for noncompliance, the number of reported healthcare breaches has risen steadily. In 2010 alone, the number of reported incidents exceeded the total from the previous six years combined. Although the spike was initially attributed to rapid EHR adoption, it is now clear that several factors contribute to the growing risk of healthcare security breaches. With the widespread use of digital tools—including smartphones, cloud storage, connected medical devices, and complex network systems—cybersecurity threats in healthcare have become more sophisticated. Understanding the causes of healthcare security breaches is essential for protecting electronic protected health information (ePHI) and strengthening healthcare cybersecurity defenses.


Understanding the Data Behind Healthcare Security Breaches

To understand the scale of healthcare cybersecurity challenges, it is important to examine the data. Looking at breach statistics helps organizations identify patterns, understand vulnerabilities, and develop more effective security strategies.

Key metrics that reveal the scope of healthcare security breaches include:

By analyzing these trends, healthcare organizations can better identify risks and implement targeted cybersecurity measures to reduce the likelihood of breaches.


Number of Reported Healthcare Security Breaches

In 2018, the healthcare industry experienced an average of one reported security breach per day involving more than 500 exposed records. This represents a dramatic increase compared to a decade earlier, when breaches occurred only once or twice per month.

Below is a snapshot of reported healthcare security breaches over time:

2009: 18 reported breaches
2010: 199 reported breaches
2012: 218 reported breaches
2014: 314 reported breaches
2016: 327 reported breaches
2018: 365 reported breaches

These numbers highlight how the rapid adoption of electronic health records often occurred without sufficient attention to cybersecurity. After the passage of the HITECH Act, healthcare organizations and their business associates were required to adopt EHR systems or face penalties. In many cases, compliance requirements were prioritized over strong security protections.

Despite advances in cybersecurity technology, reported healthcare security breaches have continued to rise, revealing persistent vulnerabilities across the healthcare sector.


How Many Records Are Exposed in Healthcare Security Breaches?

In addition to the number of breaches, it is also important to examine the number of exposed patient records each year. The volume of compromised data often varies dramatically depending on the scale of individual incidents.

Notable examples include:

2012: 2.8 million exposed records
2015: 113 million exposed records
2016: 16 million exposed records
2017: 5.1 million exposed records
2018: 13 million exposed records

The dramatic spike in 2015 demonstrates how a few large incidents can significantly increase the number of exposed records in a single year. This variability makes it difficult to determine whether overall healthcare data security is consistently improving.


How Phishing Leads to Healthcare Security Breaches

Before 2015, cybercriminals primarily targeted credit card information in industries such as retail and finance. However, as Social Security numbers became more valuable on the black market, healthcare organizations became prime targets due to the large amounts of personal data they store.

One of the most common attack methods used in healthcare security breaches is phishing.

Phishing is a form of social engineering in which attackers trick employees into revealing sensitive information such as usernames, passwords, or login credentials. These attacks often involve deceptive emails that appear to come from legitimate sources.

For example, attackers may create email addresses that visually resemble legitimate ones by combining characters such as “r” and “n” to mimic the letter “m.” An unsuspecting employee who clicks a malicious link and enters login credentials may unknowingly provide attackers with access to the organization’s network.
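
As an added example (not part of the original article), the following Python sketch shows how a mail filter could flag the lookalike-sender trick described above. It goes beyond the "rn"/"m" case with a few other common substitutions; the trusted domains, the substitution list, and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allowlist of the organization's real sending domains (assumption).
TRUSTED_DOMAINS = {"mercyclinic.example", "modernhealth.example"}

# Sequences that render like another letter in many fonts.
# "rn" -> "m" is the trick described above; the rest are common additions.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(domain: str) -> str:
    """Collapse visually confusable sequences so lookalikes compare equal."""
    s = domain.lower().rstrip(".")
    for seq, repl in CONFUSABLES:
        s = s.replace(seq, repl)
    return s


# Skeletons are computed for BOTH sides, so a trusted domain that itself
# contains "rn" can still be matched by an "m" imitation.
TRUSTED_SKELETONS = {skeleton(d): d for d in TRUSTED_DOMAINS}


def sender_domain(from_header: str) -> str:
    """Extract the domain from a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify(from_header: str) -> str:
    """Return 'trusted', 'lookalike of <domain>', 'external' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    imitated = TRUSTED_SKELETONS.get(skeleton(domain))
    if imitated:
        return f"lookalike of {imitated}"
    return "external"


# Constructed sample headers.
SAMPLES = [
    "IT Help Desk <helpdesk@mercyclinic.example>",
    "IT Help Desk <helpdesk@rnercyclinic.example>",
    "Payroll <payroll@modemhealth.example>",
    "Vendor <sales@supplier.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):40} {header}")
```

A match on the skeleton with a mismatch on the exact domain is the signal worth quarantining or banner-tagging; an exact allowlist match alone would let both constructed lookalikes through as ordinary external mail.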

Phishing attacks played a significant role in the massive spike in healthcare data exposure in 2015 and remain one of the leading causes of healthcare security breaches today.


Email Security Improvements in Healthcare

Phishing attacks rarely occur as isolated events. Even when strong security systems are in place, a single employee mistake can compromise an entire network.

In 2015, phishing attacks against Anthem and Premera Blue Cross resulted in hackers bypassing security controls and exposing 89.8 million of the 113 million healthcare records breached that year.

Following these incidents, many healthcare organizations strengthened their email security programs. These improvements included:

Improving email security remains one of the most effective ways to reduce healthcare security breaches, since email continues to serve as a primary entry point for cyberattacks.

Top Causes of Healthcare Security Breaches

Although phishing was responsible for many incidents in 2015, healthcare security breaches occur for several different reasons. Across the healthcare industry, the most common causes include:

Understanding these causes allows healthcare organizations to implement stronger controls and reduce the likelihood of healthcare security breaches.


Hacking and IT Incidents in Healthcare Security Breaches

Hacking and IT-related incidents include phishing attacks, malware infections, ransomware attacks, and other forms of cyber intrusion.

The number of hacking-related healthcare security breaches has increased significantly since 2010.

2010: 8 reported incidents
2012: 16 reported incidents
2014: 35 reported incidents
2016: 113 reported incidents
2017: 147 reported incidents
2018: 158 reported incidents

In 2018 alone, hacking incidents exposed 9.1 million records, accounting for approximately 70% of all healthcare records compromised that year. These figures highlight the significant role cyberattacks play in healthcare security breaches.


Unauthorized Access in Healthcare Security Breaches

Unauthorized access and disclosure represent the second most common cause of healthcare security breaches. These incidents often involve employees or insiders who intentionally or accidentally access patient information without proper authorization.

In 2018, unauthorized access incidents accounted for approximately 3 million exposed records, representing about 23% of the total healthcare records breached that year.

Preventing these incidents requires strong access controls, continuous monitoring, and strict data governance policies.

Theft, Loss, and Improper Disposal of Healthcare Data

A smaller percentage of healthcare security breaches occur due to theft, loss, or improper disposal of equipment containing sensitive data.

Examples include:

Healthcare organizations can reduce these risks through employee training, device encryption, and strict security policies.

Reported theft and loss incidents have decreased over time:

2010: 148 incidents
2012: 138 incidents
2014: 143 incidents
2015: 105 incidents
2016: 78 incidents
2017: 73 incidents
2018: 55 incidents

In 2018, these incidents exposed just over 1 million healthcare records.

Where Healthcare Security Breaches Occur

Understanding where breaches occur can help healthcare organizations prioritize their security investments.

In 2018, healthcare security breaches affecting PHI and ePHI occurred primarily in the following locations:

Email: 122 incidents
Paper records: 81 incidents
Network servers: 74 incidents
Desktop computers: 34 incidents
Laptops: 27 incidents
Electronic medical records systems: 27 incidents
Portable devices including smartphones: 21 incidents

These statistics show that while mobile devices are often blamed for breaches, most incidents actually occur through email systems, paper records, and network servers.

Largest Healthcare Security Breaches in History

Some healthcare cybersecurity incidents have exposed millions of patient records.

Examples include:

Anthem Inc (2015): 78.8 million records exposed
Premera Blue Cross (2015): 11 million records exposed
Excellus Health Plan (2015): 10 million records exposed
Science Applications International Corp (2011): 4.9 million records lost
UCLA Health (2015): 4.5 million records exposed
Community Health Systems (2014): 4.5 million records exposed
Advocate Medical Group (2013): 4 million records exposed
Medical Informatics Engineering (2015): 3.9 million records exposed
Banner Health (2016): 3.6 million records exposed
Newkirk Products (2016): 3.5 million records exposed

These incidents demonstrate the potential scale and impact of healthcare security breaches.

HIPAA Penalties for Healthcare Security Breaches

To discourage violations and encourage stronger security practices, HIPAA enforces penalties based on the severity of compliance failures.

Tier 1: Up to $25,000 per year – violation occurred unknowingly but corrective action was taken
Tier 2: Up to $100,000 per year – violation occurred unknowingly without corrective action
Tier 3: Up to $250,000 per year – violation due to willful neglect but corrected within 30 days
Tier 4: Up to $1,500,000 per year – violation due to willful neglect with no corrective effort

Healthcare organizations must implement strong security controls, employee training programs, and regulatory compliance strategies to avoid these penalties.

How to Prevent Healthcare Security Breaches

Healthcare organizations and their business associates must maintain HIPAA-compliant data security to protect patient information and avoid costly penalties.

One effective approach is adopting recognized cybersecurity frameworks that incorporate HIPAA requirements, such as the HITRUST Common Security Framework (CSF).

The HITRUST CSF provides a comprehensive framework for protecting sensitive healthcare data through administrative, technical, and physical safeguards.

Organizations can work with certified HITRUST assessors, such as the cybersecurity experts at RSI Security, to implement the framework effectively and reduce the risk of healthcare security breaches.

Overview of Healthcare Security Breaches

In today’s digital healthcare environment, cybersecurity is a critical priority. Electronic health records, cloud platforms, and connected medical devices have transformed healthcare operations but have also introduced new security risks.

Healthcare organizations must take proactive steps to prevent healthcare security breaches by implementing strong cybersecurity frameworks, training employees, and maintaining regulatory compliance.

By working with experienced cybersecurity experts such as RSI Security and adopting proven frameworks like HITRUST CSF, healthcare organizations can strengthen their defenses, protect sensitive patient data, and reduce the risk of future breaches.
