# Study: Most Healthcare Data Breaches Caused by Hacking

A recent study published in the JAMA Network Open has shed light on the causes of healthcare data breaches, revealing a significant shift in the cyber threat landscape. Researchers affiliated with Michigan State University, Yale University, and Johns Hopkins analyzed publicly available data from the HHS Office for Civil Rights (OCR) between 2010 and 2024.

The study found that hacking and IT incidents, including ransomware, have become the primary cause of large healthcare data breaches reported to OCR. This trend is consistent with recent years, where hacking has dominated breach figures. However, it's worth noting that theft was the leading cause of healthcare data breaches in 2010, followed by unauthorized access.

It wasn't until 2017 that hacking became the primary breach cause, reflecting a significant shift in the cyber threat landscape. As hacking incidents multiplied, healthcare began experiencing higher breach volumes. For example, the number of protected health information (PHI) data breaches more than doubled over the past 14 years, increasing from 216 in 2010 to 566 in 2024.

Hacking and IT incidents increased from 4% to 81% of all breaches in the same period. While ransomware remains a significant concern, its proportion as a cause of healthcare data breaches is unclear, according to the research letter. The researchers paired OCR's data with their own analysis of breaches and labeled each hacking or IT incident as either a ransomware hacking or IT incident or a non-ransomware hacking or IT incident.

The results showed that ransomware hacking or IT incidents increased from zero reported cases in 2010 to 31% of all healthcare data breach cases in 2021. By 2024, this figure dipped to 11%, with ransomware accounting for 61 of the 566 cases analyzed in this study.

Still, hacking remains a top breach cause, and cyber threat actors are increasingly impacting a larger number of patient records with fewer individual hacks. For example, cyber threat actors targeted Change Healthcare with a single ransomware attack that rippled throughout the entire U.S. healthcare system.

The number of records impacted by PHI breaches exemplifies this trend. From 2010 to 2024, 732 million records were impacted by healthcare data breaches, and hacking or IT incidents accounted for 88% (643 million) of those. The researchers noted that their results were limited because these metrics do not show the operational disruptions that can result from a ransomware attack.

Additionally, underreporting likely means that the true extent of ransomware's damage to healthcare is uncertain. "Hospitals, clinics, health plans, and other HIPAA-covered entities are particularly vulnerable to ransomware attacks due to limited cybersecurity resources and the urgency of system recovery for patient care," the research letter stated.

Mitigation strategies include mandatory ransomware fields in OCR reporting to improve surveillance clarity, revising severity classifications to account for operational impact, and monitoring cryptocurrency to disrupt ransom payments. As healthcare organizations continue to grapple with the ever-evolving threat landscape, it's essential to stay informed about the latest developments and best practices for protecting sensitive patient data.

Dig deeper into this topic by reading more on our page dedicated to healthcare data breaches. We'll be covering the latest news, analysis, and expert insights to help you navigate the complex world of healthcare cybersecurity.