The healthcare industry, increasingly reliant on electronic systems to store and manage patient information, is facing the growing threat of data breaches. According to the latest Incogni analysis, since 2020, there have been 2,213 breaches impacting 152.1 million individuals—the equivalent of almost half the US population. Among the most-leaked data were Social Security numbers, treatment information, and diagnoses.
Medical entities use advanced electronic systems to store and manage patient information. While digitalization has numerous benefits, it can—given the sensitive nature of the information collected—also expose patients to an increased threat of data breaches, which pose significant risks, including identity theft, medical fraud, and patient health exposure.
Incogni’s analysis highlights the severity of this issue. The research, based on reports from the Department of Health and Human Services, examines the types of data breached, the states most affected, and the entities involved.
Incogni’s researchers report that there have been 2,213 breaches since 2020, impacting 152.1 million individuals—the equivalent of nearly half the US population. California experienced the highest number of breaches, with 221 incidents reported since 2020 and 17.1 million profiles affected. New York saw the second-highest number, with 174 breaches impacting 8.6 million healthcare profiles, and Texas had the third-highest number, with 159 breaches affecting 10.8 million healthcare profiles.
According to the analysis, names were exposed in the highest number of healthcare profiles—126.5 million. Addresses were the second-most breached data point, included in 106 million breached profiles (the equivalent of 31.82% of the US population), while Social Security information was the third-most common, included in 94.5 million breached profiles (28.35%). Birth dates ranked fourth, affecting 93.7 million profiles (28.12%), and treatment information was the fifth-most exposed, impacting 79.5 million profiles (23.85%).
Healthcare providers were the most frequently targeted, with 1,572 breaches (71% of all reported healthcare data breaches) exposing 87.6 million healthcare profiles. The biggest data breach occurred at 20/20 Eye Care Network, where a cyberattack exposed over 4.1 million individuals’ names, addresses, Social Security numbers, and health insurance and claims information.
The most common cause was hacking and IT incidents, accounting for 1,622 breaches and affecting 136.8 million healthcare profiles. Network server breaches (50% of all cases) led to fewer medical information exposures than electronic medical records breaches (4.4% of all cases).
Darius Belejevas, head of data protection service Incogni, comments: “The transition to electronic health systems has undoubtedly brought numerous benefits to the healthcare sector, but it has also introduced significant risks. The exposure of sensitive health information can have devastating consequences for individuals, as their data might be further used by data brokers or even criminals. Incogni advocates for more stringent privacy and security measures for entities that manage patient information.
“As breaches continue to compromise patient privacy, they also put patients’ safety at risk and erode their trust in the healthcare system. Moreover, they can lead to identity theft, medical fraud, and other forms of exploitation.
“Despite the financial and reputational damages healthcare organizations face after breaches, many still fail to secure data adequately. At Incogni, we advocate for stringent privacy and security measures to protect patient rights and restore trust in the healthcare system.”
About Incogni:
Incogni helps people take control of their data by removing their personal information from data brokers and people search sites. Incogni provides a simple, user-friendly solution that prevents personal data from being sold and reduces the likelihood of cybercrimes and spam.
The full study covering the health-related data breaches is available here.
Our public dataset is available here.
For more information visit:
