Cyberattacks are becoming more frequent in our increasingly digital world. 

Not only that: 

They’ve become more powerful and problematic, especially for people who aren’t fully aware of how vulnerable they are online. 


The sheer volume of compromised records is enough to make anyone wary of their actions. And your best defense against potential threats is awareness. 

Especially when it comes to healthcare. 

Having sufficient knowledge of the cybersecurity threat landscape can empower healthcare organizations to protect their patients’ personal information from potential threats.

So, without further ado, let’s delve into healthcare data breach statistics in 2019.   

Fascinating Healthcare Data Breach Stats: Editor’s Choice

  • Over the past decade, there have been 2,550 data breaches in the healthcare industry, impacting 189 million medical records.
  • HIPAA records 13,236,569 breach statistics.
  • 89% of healthcare providers have suffered data breaches in the past two years.
  • 41% of Americans have had their protected health information exposed in the last three years.
  • Data breaches cost healthcare providers an average of $6.45 million.
  • Healthcare institutions spend an average of $429 per stolen record.
  • By 2021, there’s an expected losses of $6 trillion due to cyber-related crimes.

Healthcare Data Breach Statistics

Big data analysis pits the healthcare industry as one of the most vulnerable sectors, seeing exponential amounts of breaches year after year. So, healthcare providers must conduct research to understand the threat landscape. Knowing what you’re dealing with enables you to prepare for the worst.

1. 2,550 data breaches have compromised over 189 million healthcare records in the last decade.

Between 2009 and 2018, healthcare providers had to protect themselves against all kinds of security threats. They faced a total of 2,550 healthcare data breaches, stats suggest. Together, they have impacted more than 189 million records.

2. 13,236,569 medical records were compromised in 2018.

Every year, this industry sees a massive increase in healthcare record breaches. There were 5,138,179 compromised records in 2017, and that number nearly tripled the following year. Around 13,236,569 medical records were breached according to a healthcare breaches 2018 report.

3. 89% of healthcare providers have undergone a data breach.

Even though healthcare providers are becoming more proactive about their organization’s cybersecurity programs, data breaches are still common. In fact, 89% of all healthcare providers have fallen victim to a breach. 

4. Cyber threats are expected to hit $6 trillion in losses by 2021.

Cyberattacks and other failures such as healthcare data breaches can lead to $6 trillion in damages in the next three years according to Cybersecurity Ventures. That’s $3 trillion more than in 2017.

5. 168 hacking incidents in the first half of 2019 has led to 31 million breached records.

A total of 285 attacks were recorded in the first half of this year. Of that number, 168 were hacking cases, making it the primary cause of security incidents in healthcare. Around 88% of the 31 million breached records were obtained through hacking.

Recent Healthcare Data Breaches

Technology aids healthcare industry innovation. This is evident in solutions such as the Internet of Things, which aim to make healthcare provision a more efficient process. But as healthcare continues to advance, it seems inevitable that cybercriminals will focus on the sector.

So, what does the data breach landscape look like in the modern healthcare industry? 

Let’s take a look at some of the latest figures.

6. 31 million patient records have been breached in Q1 and Q2 2019.

According to Protenus Breach Barometer, 31 million healthcare records were compromised due to various cybersecurity incidents in the first half of 2019. A recent data breach report shows it is already twice the figure for last year, which saw around 15 million compromised patient files. 

7. 9,652,575 healthcare records were impermissibly exposed or stolen in the first half of 2019. 

The Health Insurance Portability and Accountability Act’s (HIPAA) latest statistics in healthcare breaches reflect the growing need for advanced cybersecurity solutions. In the first six months of 2019 alone, 9,652,575 records were compromised. That’s almost twice the number of breached records in 2017. If security incidents continue at this rate, it won’t be long before this year’s total exceeds last year’s record numbers.

8. HIPAA recorded an average of 37.2 data breaches per month between January and May 2019.

HIPAA healthcare data breaches facts for January to May of 2019 documented an average of 37.2 incidents per month. A total of 186 breaches were reported to the Department of Health and Human Services’ Office for Civil Rights, which is already more than half of the recorded incidents from the previous year.

Closer Look at Healthcare Breaches

Cyberattacks can happen to any organization, no matter the size. Recently, there’s been a rise in cyber criminals attacks on healthcare services. This leads to exposure of important patient data, as seen in the Optum 360 and Sonoma Valley cyberattacks, where financial data and personally identifiable information may have been leaked. 

Whether the number of patients involved is in the thousands or millions, every data breach presents a threat in healthcare operations. And we have the statistics to prove it.

9. Healthcare providers took 197 days to identify a data breach and 69 days to contain it.

Healthcare data breaches statistics for 2018 reveal healthcare providers took an average of 197 days to determine if they have been breached. They would then take another 69 days to contain the threat. Organizations that were able to address the threats in less than 30 days saved up to $1 million in the long run compared to those that took longer.

10. HIPAA indicates that April has seen the highest rate of data breaches out of any other month so far, with 46 incidents.

The Office for Civil Rights’ stats on healthcare recorded 46 security incidents in April 2019. This is the highest number of recorded breaches in a month in the past five years. Although there were fewer data breach incidents in May, the month saw a 186% increase in breached records, which compromised over 1.9 million individuals’ personal health information.

11. 36 data breaches occurred in September.

Organizations saw a total of 36 data breaches in September, as indicated in HIPAA’s most recent healthcare industry statistics report. The month had 26.53% fewer breaches than August. Even though there were fewer attacks, the number of records compromised in September was 168.11% more than in August, resulting in the breach of 1.9 million records. 

12. Four cybersecurity attacks caused 85.80% of data breaches in September.

Only four hacking incidents were responsible for 85.80% of breached records in September. HIPAA confirms that three of those breaches were ransomware attacks. The largest breach potentially compromised 528,188 health records.

13. Over 41% of the US population has had their protected health information compromised.

HIPAA records show the healthcare sector has faced 955 security breaches in healthcare in the last three years. In fact, the healthcare industry has witnessed at least one breach per day on average. According to HIPAA, around 135,060,443 records have been compromised as a result of these incidents. 

And that’s not all:

Currently, 41% of Americans have had their personal records exposed to a certain extent because of those security incidents. More healthcare organizations are reporting security breaches each year since the HIPAA required them to do so. Although the number of security breaches is rising, the number of breached records has been gradually declining in the past three years.

Healthcare Data Breach Cost

Cybersecurity incidents come with serious financial consequences. With the rise of data breaches, the average costs have skyrocketed over the years. A single breach can potentially lead to several millions of dollars in losses. 

Leftronic Tip:

Avoid potential losses for your healthcare organization by deploying robust security solutions.

14. The average cost of a data breach in the healthcare industry is $6.45 million.

According to IBM’s data breach 2019 report, the cost of security incidents has increased in the last five years. That amounts to an average of $3.92 million for each incident, reflecting a 1.5% increase from the previous year. 

What’s more:

Healthcare still has the highest financial repercussions for data breaches, with costs averaging $6.45 million. 

15. Only 67% of the financial consequences of data breaches are felt within the first year of the attack.

IBM’s latest annual data breaches statistics included the long-term financial consequences of data breaches for the first time. It found that, on average, companies shoulder 67% of the costs in the first year. Around 22% of that is accrued in the succeeding year, while 11% is accumulated in the years after. Since healthcare is a highly-regulated industry, organizations see higher long-tail costs in the second or third year after the breach.  

16. Data breaches with higher life cycles result in at least $1.2 million more in expenses than average.

A data breach life cycle refers to the amount of time an organization takes to identify and address a data breach.


The average life cycle is 279, which is 4.9% longer than last year, according to IBM’s healthcare statistics 2018. Additionally, it comes with greater costs. Companies that take over 200 days to contain a security incident must spend at least $1.2 million more than organizations that can successfully address it in less time. 

17. Healthcare providers spend an average of $429 per stolen record.

Security breaches cost around $429 per stolen record. That number is up from last year’s $408. Compared to other industries, the highly-regulated healthcare sector spends three times more on data breach costs, as highlighted in healthcare breaches 2019 records.

18. There has been a 12% increase in data breach costs.

Healthcare isn’t the only sector seeing an increase in data breach costs. As a matter of fact, the same IBM report shows that all sectors have been experiencing a 12% increase in data security incidents.

Not only that: 

The financial consequences are expected to burden organizations for several years after the attack. The growing complexity of the cybersecurity landscape, in addition to increased regulations, has triggered the increase of breach costs, the report shows.

Top Causes of Healthcare Data Breaches 2019

Why is healthcare one of the most vulnerable industries for data breaches? 

Learn more about the causes of security incidents in healthcare to understand the kind of security solutions healthcare providers need to deploy to prevent breaches from happening. 

19. 44.44% of all data breaches in September 2019 were caused by phishing attacks.

Phishing attacks caused 44.44% of healthcare data breach incidents in September, making them a significant problem for the industry. Around 16 attacks targeted protected healthcare information stored in email accounts. Network administrators saw the second-largest percentage of security incidents with network servers with 13 recorded ransomware attacks.

Here’s how it went down:

Five breaches centered on paper documents, three targeted desktop computers, and two focused on mobile devices. Laptops and electronic medical records saw the least number of attacks, with only one incident recorded that month.

20. 46% of healthcare organizations have been damaged by insider threats.

Insider threats are one of the leading causes of breaches in healthcare. According to Verizon healthcare data breaches facts, 46% of healthcare organizations suffer from such a burden. It’s the only industry so far to have a higher percentage of breaches than external factors. Insiders can be full-time employees, part-time workers, contractors, interns, and other staff. 

They pose a serious threat to the organization, as they can potentially gain access to records that no hacker can. Compared to external threats, they’re also more challenging to detect.

21. Authorized users who misused their work privileges caused 15% of breaches.

As shown in Verizon’s report, misuse of privileges caused 15% of data breaches in healthcare. Misuse refers to the malicious or improper use of office privileges. Most of the incidents are financial in nature; however, employees using personal health information to gain illegal advantages is also quite common.

22. Organized criminals perpetrated 39% of data breach incidents.

According to the latest healthcare data breach statistics, organizations now also have to worry about organized criminal groups. Verizon’s data shows that organized criminals executed over one-third of all cybersecurity attacks. 

23. Human errors triggered 21% of breaches.

In Verizon’s healthcare cyber attacks 2018 data, human error was one of the top causes of data breaches. Based on the latest figures, human error continues to be a significant threat to healthcare providers.

Two types of errors stood out among the rest in Verizon’s report - publishing errors and misdelivery. Human error was responsible for a fifth of all recorded breaches. 

The thing is:

Healthcare providers often mistakenly publish data analytics on a public website. Sometimes, medical professionals might also send personal information to the wrong recipients.

24. 70% of all malware outbreaks were caused by ransomware.

Ransomware has always been a popular method of attack. It caused 39% of malware-based incidents, as indicated in Verizon’s healthcare data breaches 2018 data. In the most recent report, findings showed that ransomware continues to be a significant threat to healthcare providers, causing 70% of malware attacks. 


We turn to healthcare professionals to improve our health or enhance the quality of our lives. We entrust their bodies and minds to doctors, nurses, and other medical professionals. Unfortunately, given the latest figures in healthcare data breach statistics, cybersecurity doesn’t seem to be their area of expertise. There’s a lot of room for improvement, to say the least.

Nevertheless, with constant research and innovation, healthcare institutions should be able to implement the right security solution and avoid devastating financial consequences.