A new report reveals there have been 480 healthcare data breaches in 2023 so far, with over 25% of Americans impacted. The estimated number of patients affected is 87 million this year so far, over double the 37 million in 2022.
The report comes from Atlas VPN, which utilized publicly available data from the U.S. Department of Health and Human Services (HHS), which keeps a running list of healthcare security incidents. Federal law requires data breaches that potentially leak more than 500 patient records to be reported to the HHS.
According to the data, breaches from this year that exposed patient records happened in 49 states, with California topping the list with 43. New York came in second with 42 security incidents, followed by Texas with 38. Ohio rounded out the bottom with 14.
The only state to avoid any reported attacks this year is Vermont, which the report credited to the “small population and lack of major cities” that “may allow [Vermont] to fly under the radar of sophisticated hackers looking for maximum reward.”
Two data breaches stand out in particular, responsible for almost 20 million patient records being exposed to cybercriminals: HCA Healthcare, a for-profit health system out of Nashville announced a data breach of 11 million records in July. Managed Care of North America, a for-profit provider of dental benefits and services for state and federal healthcare programs, was hit by a ransomware attack in May that potentially exposed 8.9 million patient records.
The full report can be found here.