Hospital Data Breaches & Healthcare Cybersecurity Statistics 2022

Last Updated: July 26, 2022
Let’s discuss the key healthcare cybersecurity statistics and hospital data breaches that you should know.
Hospital Data Breaches & Healthcare Cybersecurity Statistics
EarthWeb is reader-supported. When you buy through links on our site, we may earn an affiliate commission.

The following healthcare cybersecurity statistics in 2022 will be interesting, with a few surprising ones and some facts about hospital data breaches.

You will read the facts, figures, and statistics related to data breaches in the healthcare industry. 

If nothing else, you will learn how often this happens, and how it affects your sensitive information, or if it impacts your sensitive information.

We will uncover some of the protocols, the medical centers, and offices that handle your information.

Some of these facts may be a bit scary, while others will be comforting and give you some level of peace of mind at how your data is handled.

You should also learn how to better protect yourself if hospital data breaches compromise your confidential data. 

In just the past 10 years, there have been more than 2,550 healthcare and hospital data breaches that have impacted millions of medical records.

None of these data breaches rank higher than any other (it’s not a competition) but, the very nature of these kinds of cybersecurity breaches makes them all very serious.

Let’s discuss the key healthcare cybersecurity statistics and hospital data breaches that you should know in 2022.

Resource Contents show

Key Healthcare Cybersecurity Statistics 2022

  • The healthcare industry is one of the top most targeted sectors for cyberattacks.
  • A whopping 88% of healthcare staff opened phishing emails. 
  • In 2001, healthcare data beaches achieved an all-time high.
  • In January 2021, hospital data breaches in America dropped by 48%.
  • 24% of doctors don’t know the basics about malware.
  • About 4 out of every 10 healthcare organizations discover hospital data breaches months after they happen. 
  • Nearly half of all hospital data breaches result from IT events or hackers.
  • It’s estimated that between 60% and 80% of all data breaches are not reported.
  • An alarming 26.4 million records were breached in 2020.
  • Healthcare organizations have decreased their budgets by 10% despite growing concerns about security vulnerabilities.

Common and Broad Healthcare Cybersecurity Statistics 2022

The following common facts and figures regarding hospital data breaches will show how vulnerable this sector is to cyberthreats. 

This is a massive threat to all healthcare providers because cyberattacks tend to delay patient care and negatively impact patient trust in the system. 

In spite of the efforts of healthcare providers to implement high-level security protocols and policies, medical industry data breaches are running amok all over this sector.

1. The Healthcare Industry Is One of The Top Most Targeted Sectors for Cyberattacks.

Hospitals represent 30% of large-scale hospital data breaches.

This is out of thousands of healthcare facilities and organizations that represent the top targets, according to healthcare cybersecurity statistics. 

This data came from a study that occurred from 2009 to 2016.

The conclusion stated that hospitals need to engage in routine audits to consistently check for security vulnerabilities before data breaches happen. 

Also, as technology evolves, security measures should also evolve to prioritize patient privacy.

2. A Whopping 88% of Healthcare Staff Opened Phishing Emails. 

Only 18% of healthcare workers could identify phishing emails. However, doctors are three times worse at recognizing this cybersecurity threat.

The odds of data breaches at your healthcare facility are higher than ever. The jobs of all healthcare workers are already hectic and tedious.

However, it has become obvious that more education is necessary to help prevent more hospital data breaches

in healthcare organizations. 

After all, security and privacy protocols are only able to do so much of the work.

3. In 2021, Healthcare Data Breaches Achieved an All-Time High.

Healthcare cybersecurity statistics revealed that 45 million people were impacted by healthcare cyber attacks.

In 2020, that number was 34 million, so unfortunately, these attacks are on the rise. 

These cyberattacks exposed record amounts of protected health information (PHI) of patients among the 45 million affected by these data breaches. 

These attacks came from a variety of forms of cyberattacks like phishing, ransomware, and other kinds of attacks.

4. In January 2021, Hospital Data Breaches in America Dropped by 48%.

This is something that should provide you with a little peace of mind.

The healthcare industry in America experienced almost half as many data breaches when compared to December 2020.

It went from 62 in December 2020 down to 32 in January 2021. 

The January figures reveal that about one breach incident occurred per day, which is nearly 50% less than just the month before.

In September 2020, these data breaches reached 95, which is about triple compared to January 2021. 

5. 24% of Doctors Don’t Know the Basics About Malware.

Without knowing the basics about malware, one cannot identify it.

Age could be a factor among some older physicians, but it’s still something that needs to be addressed across medical offices.

Doctors can learn about phishing, malware, and other forms of cybersecurity attacks to help prevent problems from their end of the spectrum.

It helps to have knowledgeable IT help with preventing and resolving such issues. 

6. About 4 out Of Every 10 Healthcare Organizations Discover Hospital Data Breaches Months After They Happen. 

Healthcare cybersecurity statistics show that around 39% of all hospital data breaches aren’t found for months.

Research shows that the average time it takes to find a data breach is around six months.

It’s the hope of any company or organization that they can discover data breaches quickly to mitigate the risk of sensitive data impacting the privacy of others.

Since at least 39% of data breaches in the healthcare sector aren’t discovered for up to six months, hackers have ample time to do plenty of harm until they are found out.

This is one of those shocking and scary stats about hospital data breaches.

7. Nearly Half of All Hospital Data Breaches Result from IT Events or Hackers.

According to HIPAA reports, hospital data breaches result from IT events to hackers 47% of the time.

The biggest problem facing healthcare organizations is the failure to keep up with the newest security protocols and software updates.

Plus, outdated data structures and systems have a negative impact on data security. 

Sometimes this means they need a full overhaul of their computer systems, both hardware and software.

The best way to reduce the issues of data breaches facing healthcare facilities every day is to keep their computers, hardware, and software updated and upgraded. 

With nearly 50% of these problems resulting from IT problems and hackers, imagine how just keeping up-to-date with their systems can mitigate this risk.

8. It’s Estimated that Between 60% and 80% of All Data Breaches Are Not Reported.

Healthcare cybersecurity statistics reveal that somewhere between 60% and 80% of all data breaches are unreported.

That’s a large chunk of the market where these incidents aren’t being reported.

While this isn’t specifically directed at hospital data breaches, they are as affected as anyone else, if not moreso, in this realm. 

9. An Alarming 26.4 Million Records Were Breached in 2020.

According to Rise Health, 26.4 million records were compromised in hospital data breaches in 2020.

These data breaches cost healthcare organizations $13.2 billion. In 2020, cyber attacks against the healthcare industry in America increased by 55%. 

A Biglass report from 2021, showed that the average cost for each breached record came to $499 in 2020.

Healthcare cybersecurity statistics also uncovered that 599 data breaches happened in 2020. Out of the 26.4 million records breached, 92% were compromised.

10. Healthcare Organizations Have Decreased Their Budgets by 10% Despite Growing Concerns About Security Vulnerabilities.

According to the Ponemon Institute, another 52% of healthcare organizations have kept their cybersecurity budget the same.

At a time when data breaches, especially in the healthcare industry, are so prevalent, why are they not ramping up their protocols?

The costs of data breaches are very high regarding money, but even higher regarding patient trust, security, and privacy.

This research from 2021 shows the need for increasing spending to mitigate data breach events. It would likely cost less in many ways.

11. An Estimated $7 Billion per Year Accounts for Stolen or Lost Phi.

Speaking of the costs associated with data breaches, the healthcare industry incurred annual costs of up to an estimated $7 billion.

What’s worse is that patients who have had their PHI lost or stolen are made susceptible to having their confidential medical records exposed, which can result in identity theft. 

Imagine what these hospital data breaches can cause for retired or disabled people living on limited and fixed incomes.

Sadly, it can take months to even years to find out if this has happened. 

12. Healthcare Cybersecurity Statistics Show that There Is Over a 25% Chance of Another Massive Breach Over the Next Three Years.

The Anthem breach has, thus far, been the largest reported data security breach in the healthcare industry. That breach affected nearly 80 million patient records.

How alarming is it that research shows a 25.7% chance of another breach of at least that size coming in the next three years.

Since this data comes from 2016, we may be due for that breach unless the healthcare industry works towards preventing it.

The truth is that healthcare security data breaches are happening more now than ever. 

As cyber attacks rise and evolve, more data breaches are likely to occur if healthcare organizations drop the ball by neglecting to update and upgrade their security protocols.

13. Data Shows that Healthcare Data Breach Costs Are the Highest Across All Industries.

At the highest costs of any industry, hospital data breaches are costing the healthcare industry $408 per breached record.

In 2017, the cost per record was $141. In 2018, that figure was $148 per record. 

The average cost in the financial sector accounts for $206 per record. The lowest cost is $75 per record and is in the public sector.

Glitches in a system account for $131 per record, and those caused by human errors account for $128 per record. 

These are the costs of resolving data breaches.

14. There’s About a Three-Quarters Chance that There Will Be a Data Breach of Five Million Records Over the Year.

Besides the 25.7% chance of an Anthem-sized data breach in the next three years, there is also a 75.6% chance that within the next year, five million records will be breached. 

That data is also from 2016, so  there were data breaches, especially in the healthcare industry that occurred, and impacted at least five million records.

When you calculate the average of $408 per record, the cost of resolving the matter could be over $2 billion.

15. Employee Negligence Causes 40% of All Data Breaches.

This doesn’t just affect hospital data breaches, but negligence plays a major role in data breaches across industries.

Don’t think that it’s on purpose, usually because it’s more human error than malicious. 

Accidental data breaches cost just as much as malicious cyberattacks. This occurs mostly due to the lack of awareness of taking security precautions in the workplace.

It’s not just phishing emails. It’s also people leaving their computers unlocked when they go to lunch, go on a break, or even leave work to go home. 

What seems like no big deal can cost your company more than $75 per record, depending on the industry.

16. The Number of Insider Cyber Threats Accounted for 4,716 Incidents in 2020.

According to Cisco Mag, insider threats took a 47% rise over two years.

In fact, industry experts claim that insider threats are the main worry for security leaders in companies.

Insider cyber threats are often due to employee negligence or accidental actions such as engaging with phishing emails. 

Insider threats may have grown due to more people working from home in remote jobs in companies where that was uncommon.

They were ill-prepared for this kind of crisis. Employees working at home are probably more relaxed and less worried about security issues that may arise.

17. In 2020, Ransomware Attacks Cost the Healthcare Industry $21 Billion.

According to healthcare cybersecurity statistics, 2020 was a huge year for ransomware attacks in the healthcare industry.

These medical offices and hospital data breaches cost the industry $21 billion to resolve.

During the pandemic, there was no time for security leaders and workers to drop the ball in any industry, much less healthcare organizations. With ransomware attacks getting more advanced and aggressive, cyber attackers are finding bigger targets to hit. 

18. 80% of Data Breaches Are Connected to Passwords.

A study by Verizon revealed that 4 out of 5 of 868 breaches where hacking was involved, passwords were the problem.

These breaches were either brute force attacks, or the use of lost or stolen identity credentials. 

You can mitigate this problem yourself, or within your healthcare organization by making sure that employees are using approved strong passwords that change or update every few weeks.

You can also implement two-factor authorization for extra protection.

The Most Alarming Hospital Data Breaches Stats 2022

Healthcare Cybersecurity

Because 2020 was such a huge year for hospital data breaches, according to healthcare cybersecurity statistics, the healthcare industry took a hit of $6 trillion to resolve and manage the issue.

19. In February 2020 Alone, 39 Healthcare and Hospital Data Breaches Occurred, Affecting Over 1.5 Million Records.

In only one month of 2020, over 1.5 million records were breached in hospital data breaches.

The HIPAA Journal broke down the February 2020 healthcare data breaches. 

These breaches include improper disposal, loss, theft, unauthorized access or disclosure, and hacking or an IT incident. 

The locations where these PHI breaches occurred included desktop computers, portable electronic devices, laptops, servers, networks, films, papers, and the largest group was from emails. 

The healthcare industry accounted for most of these February 2020 data breaches, according to healthcare cybersecurity statistics. 

20. The Top Two Biggest Targets for Hackers Include the Healthcare Industry at 15%, and The Finance Sector at 10%.

According to 2020 healthcare cybersecurity statistics, the healthcare sector was the hardest hit by hackers, costing $17.76 billion in medical office and hospital data breaches.

This was also true in 2019, but it grew exponentially in 2020. This problem isn’t expected to fade away anytime soon unless something more is done about it.

More research from ForgeRock shows that the highest data breaches occurred between January 2019 and March 2020.

That includes not only the number of breaches, but also the costs of reported breaches.

21. The Healthcare Industry Was Expected to Spend $65 Billion Increasingly Between 2017 and 2021 on Cybersecurity.

This figure translates to about $13 billion per year. Today, these numbers are expected to reach $15.25 billion by 2028, which is significantly more than the $11.17 billion spent in 2021. 

Remember, we discussed how the healthcare industry decided to cut back on spending in this area.

That’s why 2021 is less than $13 million when dividing between 2017 and 2021. 

22. Global Cybercrime Reached $6 Trillion in Damages in 2021. 

Cybercrime is just about hospital data breaches. It touches all industries at some point in time.

The healthcare industry just happens to get the brunt of the problem. That doesn’t mean that all industries shouldn’t consistently improve their security protocols. 

According to a KPMG survey of 500 CEOs of companies, 18% of the respondents said they believe the risk of cybersecurity will be the biggest threat to organizations through 2024.

That figure is up from 10% just last year. 

23. 100% of All Web Applications Linked to Health Information Are Susceptible to Cyber Attacks.  

Healthcare cybersecurity statistics like this one are definitely alarming.

This data comes from a Mid-Horizon study that also showed that hackers would have no problem accessing domain-level administrative privileges in nearly every healthcare application

The conclusion made is that more sophisticated technologies like cloud computing and blockchain technology are the answer to warding off cyberattacks.

Why these technologies? Cloud computing can be used to drive the execution of projects based on blockchain tech, according to Echo Innovate IT.

The Most Significant Data Breaches in Healthcare  2022

Now that we have discussed some of the most alarming and interesting hospital data breaches and healthcare cybersecurity statistics, we will keep this going by adding data from some of the most significant data breaches in the healthcare industry in history.

The following healthcare and hospital data breaches caused widespread damage, as any healthcare data breach can.

These breaches result in medical records loss, financial losses, lawsuits, patient trust, fraud, and identity theft. 

The largest healthcare data breaches that have ever happened (so far):

1. Anthem Blue Cross

In 2015, Anthem, the largest of all data breaches in healthcare or any industry ever seen, impacted more than 78.8 million Anthem members, and any independent payers associated with Anthem. 

These members had their home addresses, dates of birth, and Social Security numbers stolen in this breach.

In 2020, the company was finally able to settle with the states attorneys general for $39.5 million in damages.

2. Premera Blue Cross

Again in 2015, only six weeks after the Anthem data breach, Premera Blue Cross notified its members of a data breach that happened nine months prior in 2014.

The cybercriminals had stolen the PHI of more than 10.4 million members.

The members had their names, addresses, email addresses, bank account numbers, dates of birth, and Social Security numbers stolen.

In 2019, a class action settlement of $74 million was reached.

3. Excellus BlueCross BlueShield

Yet another victim of a healthcare data breach in 2015, Excellus BlueCross BlueShield discovered a breach that affected at least 10 million of its members.

The breach was found upon an internal inspection of the company’s systems.

The common data stolen included medical data, financial data, Social Security numbers, and names and addresses.

Excellus paid the federal government $5.1 million in fines for HIPAA violations related to the breach.

4. Tricare

In 2011, Tricare, a military healthcare system, experienced a data breach that impacted more than 4.9 million people.

Essentially, this makes this breach the  third in healthcare and hospital data breaches as of this writing.

The stolen data included PHI including Social Security numbers, the names of retired and active military personnel, along with their families’ data, plus addresses and phone numbers.

If a data breach of such a healthcare system doesn’t alarm you, what will? In this case, the class-action lawsuit was essentially dismissed in 2014.

5. University of California Los Angeles Health System

We are going into 2015 again for this data breach at the UCLA Health System where they reported that 4.5 million people had their PHI compromised.

The company won the $1.25 million lawsuit regarding that data breach in 2015, the same year it happened.

The hackers in this incident accessed UCLA’s network related to PHI, which includes names, birthdates, addresses, medical records, Social Security numbers, Medicare numbers, health plan numbers, and other medical information. 

Other significant healthcare data breaches occurred at Community Health Systems, Advocate Health Care, Medical Informatics Engineering, Banner Health, and Newkirk Products.

Outside the realm of the healthcare industry, large data breaches have occurred at Yahoo, Kroger, Equifax, and Capital One.

FAQs

Where Do Cyberattacks Come From?

Spear-phishing as a main infection vector accounts for 65% of cyberattacks. Cyberattacks come from malicious emails with office file attachments 48% of the time.

Internal factors make up 34% of all data breaches. Every minute, over $17,000 is lost to phishing emails. This is general information, but it includes hospital data breaches.

Who Is Most Affected by Data Breaches?

According to healthcare cybersecurity statistics, the healthcare industry is at the top of the list for the most impacted industry. The financial sector is second in line.

In general, any organization with between 1 and 250 employees experiences the highest rates of malicious emails at 1 in 323.

Manufacturing companies account for almost 25% of ransomware attacks. After reading this article, you should be surprised that 93% of healthcare organizations have experienced data breaches over the last three years.

Who Is at Risk?

In the workplace, including healthcare, every employee has access to at least 11 million files every day, whether they actually access them or not.

Additionally, 17% of all sensitive company files are accessible to all employees.

Around 60% of all companies have more than 500 accounts with passwords that don’t expire.

Another 77% of companies have no strategy for an incident response plan.

What Is the Cost of Data Breaches?

The average data breach costs $3.86 million. In the remote work realm, the average cost of data breaches increased by $137,000.

The average cost per record for all lost or stolen records is $146.

Summary

Now that you have the most interesting hospital data breaches and healthcare cybersecurity statistics in 2022, you should have a good idea of how significant these incidents are to everyone.

Hospital data breaches impact everyone with a medical record or medical insurance.

These cybercrimes are likely to continue and even grow over the next several years without some new security protocols in place.

The best solution that has the most promise is cloud computing with blockchain technology. These provide the most secure and safe methods of securing data.

While we may not be able to save the healthcare industry, or the other industries that are impacted by data breaches, we can do whatever we can to protect our own data with the right antivirus software that includes malware and real-time protection.

Also, investing in a good virtual private network (VPN) can give you an extra layer of protection.

The healthcare industry still needs to address their issues with data breaches, or more people’s data will be stolen and more identity theft incidents will occur.

Sources

Academic Journal of CybersecurityAcademic Journal of CybersecurityAJMC
Becker’s Health ITChief Healthcare ExecutiveCisco Mag
Cybersecurity VenturesEcho Innovative ITGlobal News Wire
Health IT SecurityHIPAA JournalHIPAA Journal
Fortified Health SecurityJournal of CybersecurityPhoenix NAP
Reliable ITRise HealthVaronis
Venture PointZDNet

Stay on top of the latest technology trends — delivered directly to your inbox, free!

Subscription Form Posts

Don't worry, we don't spam

Written by Jason Wise

Hi! I’m Jason. I tend to gravitate towards business and technology topics, with a deep interest in social media, privacy and crypto. I enjoy testing and reviewing products, so you’ll see a lot of that from me here on EarthWeb.