Report Sheds Light on Cyberattack and Data Breach Trends from 2024

Despite a slight decrease in data breaches from 2023, the volume of exposed data and records surged.

By Jeff Wardon, Jr., Assistant Editor


Cyberattacks continue to persist into 2025 for the healthcare industry, with almost daily reports of another incident occurring. The HIPAA Journal recently crunched the numbers and released its 2024 Healthcare Data Breach Report, providing insight into the trends and data concerning cyber incidents of the last year. 

In 2024, 725 large healthcare data breaches (involving more than 500 records) were reported to the Department of Health and Human Services (HHS), marking the third consecutive year with over 700 breaches, according to the report. This represents a slight 2.95 percent decrease from 2023. While the number of breaches plateaued, the volume of exposed records surged, reaching 275 million — a 63.5 percent increase from 2023. This spike was largely due to the Change Healthcare breach, which affected 190 million records. 

Similarly, Healthcare Facilities Today also reported on a large-scale ransomware attack on PIH Health in December 2024. This attack resulted in 17 million patient records being stolen, as claimed by the hackers, and halted operations across three of its hospitals. There was even a lawsuit brought against PIH Health that alleged the organization didn’t keep the sensitive data from the hackers. 

Related: Why Healthcare Organizations are Major Cyberattack Targets

Furthermore, hacking and IT incidents dominated, accounting for 81.2 percent of breaches and over 259 million compromised records. Ransomware attacks rose 278 percent from 2018 to 2023, though hacking incidents dipped slightly (2.8 percent) in 2024. Unauthorized access/disclosure incidents remained steady, but the records affected nearly doubled. Phishing was the primary entry point for ransomware (45 percent), followed by Remote Desktop Protocol (RDP) compromises (42 percent) and unpatched vulnerabilities (19 percent). 

Another significant cyberattack in the healthcare field was the Ascension ransomware attack, as Healthcare Facilities Today previously reported on. This was caused by an employee accidentally downloading a malicious file they thought to be legitimate.  

Network servers were the most common source of breaches, with email-related breaches also significant. Despite fewer breaches, the growing scale of compromised data highlights persistent cybersecurity vulnerabilities in healthcare. 

Jeff Wardon, Jr., is the assistant editor for the facilities market. 



February 6, 2025


Topic Area: Information Technology , Security


Recent Posts

Frederick Health Hospital Faces 5 Lawsuits Following Ransomware Attack

The lawsuits accuse FHH of inadequate cybersecurity, poor breach notification and failing to protect patients from identity theft risks.


Arkansas Methodist Medical Center and Baptist Memorial Health Care to Merge

They have signed a non-binding letter of intent to complete a shared mission agreement to merge the two organizations.


Ground Broken on Intermountain Saratoga Springs Multi-Specialty Clinic

The clinic is scheduled to open and start seeing patients in the fall of 2026.


Electrical Fire Tests Resilience of Massachusetts Hospital

Signature Healthcare Brockton Hospital used opportunity to renovate key systems and components and expand facility operations.


Bomb Threat Alleged at Illinois Hospital

The alleged suspect was taken into police custody, and the threat was determined to be unfounded.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.