« Information Technology
  

Report Sheds Light on Cyberattack and Data Breach Trends from 2024

Despite a slight decrease in data breaches from 2023, the volume of exposed data and records surged.

By Jeff Wardon, Jr., Assistant Editor


Cyberattacks continue to persist into 2025 for the healthcare industry, with almost daily reports of another incident occurring. The HIPAA Journal recently crunched the numbers and released its 2024 Healthcare Data Breach Report, providing insight into the trends and data concerning cyber incidents of the last year. 

In 2024, 725 large healthcare data breaches (involving more than 500 records) were reported to the Department of Health and Human Services (HHS), marking the third consecutive year with over 700 breaches, according to the report. This represents a slight 2.95 percent decrease from 2023. While the number of breaches plateaued, the volume of exposed records surged, reaching 275 million — a 63.5 percent increase from 2023. This spike was largely due to the Change Healthcare breach, which affected 190 million records. 

Similarly, Healthcare Facilities Today also reported on a large-scale ransomware attack on PIH Health in December 2024. This attack resulted in 17 million patient records being stolen, as claimed by the hackers, and halted operations across three of its hospitals. There was even a lawsuit brought against PIH Health that alleged the organization didn’t keep the sensitive data from the hackers. 

Related: Why Healthcare Organizations are Major Cyberattack Targets

Furthermore, hacking and IT incidents dominated, accounting for 81.2 percent of breaches and over 259 million compromised records. Ransomware attacks rose 278 percent from 2018 to 2023, though hacking incidents dipped slightly (2.8 percent) in 2024. Unauthorized access/disclosure incidents remained steady, but the records affected nearly doubled. Phishing was the primary entry point for ransomware (45 percent), followed by Remote Desktop Protocol (RDP) compromises (42 percent) and unpatched vulnerabilities (19 percent). 

Another significant cyberattack in the healthcare field was the Ascension ransomware attack, as Healthcare Facilities Today previously reported on. This was caused by an employee accidentally downloading a malicious file they thought to be legitimate.  

Network servers were the most common source of breaches, with email-related breaches also significant. Despite fewer breaches, the growing scale of compromised data highlights persistent cybersecurity vulnerabilities in healthcare. 

Jeff Wardon, Jr., is the assistant editor for the facilities market. 



February 6, 2025


Topic Area: Information Technology , Security

Recent Posts

Healthcare Workers Need Better Workplaces

New global survey finds frontline healthcare workers struggle with significant gaps in workplace satisfaction.

Protecting Patients Through Design and Compliance at Altru Health System

Case study: Altru Health System’s new “Hospital in the Park” pairs patient-focused design with durable, code-compliant exit solutions built for safety, performance and long-term flexibility.

Novant Health's $1B Expansion Plans Approved

The approval supports the master facility plan for Novant Health New Hanover Regional Medical Center.

What Lies Ahead for Healthcare Facilities Managers

Staffing shortages, rising regulatory scrutiny and accelerating adoption of AI are converging to reshape the way healthcare facilities are managed.

What's in the Future for Healthcare Restrooms?

Workforce shortages, rising hygiene expectations and connected technologies are pushing healthcare restrooms beyond basic utility.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.