Report Sheds Light on Cyberattack and Data Breach Trends from 2024

Despite a slight decrease in data breaches from 2023, the volume of exposed data and records surged.

By Jeff Wardon, Jr., Assistant Editor


Cyberattacks continue to persist into 2025 for the healthcare industry, with almost daily reports of another incident occurring. The HIPAA Journal recently crunched the numbers and released its 2024 Healthcare Data Breach Report, providing insight into the trends and data concerning cyber incidents of the last year. 

In 2024, 725 large healthcare data breaches (involving more than 500 records) were reported to the Department of Health and Human Services (HHS), marking the third consecutive year with over 700 breaches, according to the report. This represents a slight 2.95 percent decrease from 2023. While the number of breaches plateaued, the volume of exposed records surged, reaching 275 million — a 63.5 percent increase from 2023. This spike was largely due to the Change Healthcare breach, which affected 190 million records. 

Similarly, Healthcare Facilities Today also reported on a large-scale ransomware attack on PIH Health in December 2024. This attack resulted in 17 million patient records being stolen, as claimed by the hackers, and halted operations across three of its hospitals. There was even a lawsuit brought against PIH Health that alleged the organization didn’t keep the sensitive data from the hackers. 

Related: Why Healthcare Organizations are Major Cyberattack Targets

Furthermore, hacking and IT incidents dominated, accounting for 81.2 percent of breaches and over 259 million compromised records. Ransomware attacks rose 278 percent from 2018 to 2023, though hacking incidents dipped slightly (2.8 percent) in 2024. Unauthorized access/disclosure incidents remained steady, but the records affected nearly doubled. Phishing was the primary entry point for ransomware (45 percent), followed by Remote Desktop Protocol (RDP) compromises (42 percent) and unpatched vulnerabilities (19 percent). 

Another significant cyberattack in the healthcare field was the Ascension ransomware attack, as Healthcare Facilities Today previously reported on. This was caused by an employee accidentally downloading a malicious file they thought to be legitimate.  

Network servers were the most common source of breaches, with email-related breaches also significant. Despite fewer breaches, the growing scale of compromised data highlights persistent cybersecurity vulnerabilities in healthcare. 

Jeff Wardon, Jr., is the assistant editor for the facilities market. 



February 6, 2025


Topic Area: Information Technology , Security


Recent Posts

What Modern Architectural Trends Shape Healthcare Facilities Design

The average U.S. building is over 50 years old, but people are expecting more modern design when it comes to their healthcare facility.


Vera Whole Health Opens Fifth Atlanta Area Care Center

The new East Point location further expands Vera Whole Health's footprint in the Atlanta metropolitan area.


Using Drones with Safety and Privacy in Mind

By addressing key considerations, managers can avoid problems and realize the substantial benefits drones can provide throughout the construction lifecycle.


MultiCare and Kootenai Health Announce 30-acre Prairie Medical Campus

Development on phase one is scheduled to begin in 2025, with an anticipated 24 to 36-month timeline for completing projects in this phase.


Retrofitting Healthcare Facilities for EV Charging

With EV adoption growing, healthcare facilities may face some challenges when retrofitting their buildings for charging.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.