« Information Technology
  

Report Sheds Light on Cyberattack and Data Breach Trends from 2024

Despite a slight decrease in data breaches from 2023, the volume of exposed data and records surged.

By Jeff Wardon, Jr., Assistant Editor


Cyberattacks continue to persist into 2025 for the healthcare industry, with almost daily reports of another incident occurring. The HIPAA Journal recently crunched the numbers and released its 2024 Healthcare Data Breach Report, providing insight into the trends and data concerning cyber incidents of the last year. 

In 2024, 725 large healthcare data breaches (involving more than 500 records) were reported to the Department of Health and Human Services (HHS), marking the third consecutive year with over 700 breaches, according to the report. This represents a slight 2.95 percent decrease from 2023. While the number of breaches plateaued, the volume of exposed records surged, reaching 275 million — a 63.5 percent increase from 2023. This spike was largely due to the Change Healthcare breach, which affected 190 million records. 

Similarly, Healthcare Facilities Today also reported on a large-scale ransomware attack on PIH Health in December 2024. This attack resulted in 17 million patient records being stolen, as claimed by the hackers, and halted operations across three of its hospitals. There was even a lawsuit brought against PIH Health that alleged the organization didn’t keep the sensitive data from the hackers. 

Related: Why Healthcare Organizations are Major Cyberattack Targets

Furthermore, hacking and IT incidents dominated, accounting for 81.2 percent of breaches and over 259 million compromised records. Ransomware attacks rose 278 percent from 2018 to 2023, though hacking incidents dipped slightly (2.8 percent) in 2024. Unauthorized access/disclosure incidents remained steady, but the records affected nearly doubled. Phishing was the primary entry point for ransomware (45 percent), followed by Remote Desktop Protocol (RDP) compromises (42 percent) and unpatched vulnerabilities (19 percent). 

Another significant cyberattack in the healthcare field was the Ascension ransomware attack, as Healthcare Facilities Today previously reported on. This was caused by an employee accidentally downloading a malicious file they thought to be legitimate.  

Network servers were the most common source of breaches, with email-related breaches also significant. Despite fewer breaches, the growing scale of compromised data highlights persistent cybersecurity vulnerabilities in healthcare. 

Jeff Wardon, Jr., is the assistant editor for the facilities market. 



February 6, 2025


Topic Area: Information Technology , Security

Recent Posts

Retrofitting Healthcare Facilities for EV Charging

With EV adoption growing, healthcare facilities may face some challenges when retrofitting their buildings for charging.

Healthcare Real Estate: Challenges and Industry Shifts for 2025

The hurdles include balancing expansion with financial constraints, the sustainability of office and retail conversions, and technological disruptions.

Geisinger to Build $32 Million Cancer Center in Pennsylvania

The two-story, 40,000-square-foot facility will be home to the cancer center with space for future growth of services.

Sunflower Medical Group Experiences Data Breach

To date, Sunflower has no evidence that personal information has been misused.

Strategies to Eradicate Biofilm Containing C. Auris

Understanding the speed and risks of contamination after room disinfection should inform managers’ environmental cleaning recommendations.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.