Healthcare data breaches soared in 2024, with a staggering 305 million patient records compromised, according to Bluesight’s 2025 Breach Barometer. The report highlights a rise in cyberattacks, delayed breach notifications, and increasing cyber insurance costs. All this adds financial pressure to an already strained industry.
Largest Healthcare Breach in History
In one case a single cyberattack impacted the records of 190 million people. The largest healthcare data breach ever recorded. This event affected one in two Americans – half the population. That scale underscores the urgent need for stronger cybersecurity measures.
“The industry is grappling with ongoing cybersecurity threats and struggling to notify patients of breaches,” said Kevin MacDonald, Bluesight’s CEO. “By leveraging machine learning, organizations can better protect patient data while maintaining regulatory compliance.”
Business Associates Pose the Biggest Risk
The report found that third-party vendors and business associates were responsible for 77% of breached records in 2024. While healthcare providers submitted most breach reports, business associates accounted for the largest volume of stolen data.
Cybercriminals targeted third-party entities due to weaker security measures, making them a primary attack vector. Healthcare organizations must enhance vendor oversight to reduce risks from external partners.
Delayed Breach Notifications Leave Patients Vulnerable
On average, it took 205 days for organizations to notify affected individuals after a breach—a 16% increase from 2023. Many breaches went undisclosed for months, preventing patients from taking protective actions like freezing credit or monitoring for fraud.
Long notification delays raised compliance concerns, as regulations require timely disclosures. Failure to report breaches promptly could lead to regulatory fines and reputational damage.
Insider Threats and Hacking Dominate Breach Causes
While external attacks led to most breaches, insider threats surged, with 16 million records exposed due to employee errors or intentional misuse. Insider breaches included unauthorized access to patient records and misconfigured cloud storage.
Still, hacking-related incidents accounted for 82% of all breaches in 2024. Ransomware attacks, credential theft, and data extortion schemes overwhelmed healthcare IT systems, crippling hospital operations and exposing sensitive information.
Cyber Insurance Costs Soar
Rising cyber threats have made cyber insurance more expensive and harder to obtain. Some healthcare organizations face premium hikes, while others struggled to secure coverage due to high-risk profiles. Insurers are tightening underwriting requirements and demanding better cybersecurity controls before issuing policies.
Financial and Operational Impact of Breaches
The financial toll of healthcare data breaches hit $9.77 million per incident on average, according to IBM’s Cost of a Data Breach 2024 report. Expenses included ransom payments, regulatory fines, and class-action lawsuits.
Beyond financial losses, cyberattacks disrupted hospital operations. A ransomware attack on Synnovis, a UK-based provider, severely impacted National Health Service (NHS) operations. The attack delayed patient care for months.
Call for Stronger Cybersecurity Measures
The 2025 Breach Barometer urges healthcare organizations to implement advanced security measures, including:
- AI-driven monitoring to detect suspicious activity.
- Strict access controls to limit insider threats.
- Faster breach detection and response to reduce notification delays.
- Stronger third-party risk management for business associates.
“Protecting patient data isn’t just a compliance issue; it’s a matter of trust and patient safety,” said MacDonald.
As cyber threats evolve, healthcare providers must prioritize data security to prevent further breaches and maintain patient confidence.
