Skip to main content
Email

The latest news in Healthcare IT – straight to your inbox.

Home
  • Main Menu
  • Subscribe
  • Topics
    • Video
    • Analytics
    • Artificial Intelligence
    • Cloud Computing
    • EHR
    • Government & Policy
    • Interoperability
    • Patient Engagement
    • Population Health
    • Precision Medicine
    • Privacy & Security
    • Telehealth
    • Women In Health IT

Regions

  • ANZ
  • ASIA
  • EMEA
  • Global Edition
Global Edition
Privacy & Security

Top 15 largest U.S. healthcare provider data breaches of 2024

It was another record-breaking year for healthcare cyberattacks, and healthcare providers' network servers were again prime targets for hackers.
By Andrea Fox
December 30, 2024
05:22 PM

Photo: Brett Sayles/Pexels

Of the 421 hacking/IT incidents and unauthorized access/disclosure incidents attributed to healthcare providers across the United States reported to the U.S. Department of Health and Human Services this year, the top 15 data breaches affected 24,755,791 individuals.

WHY IT MATTERS

This year's top two largest healthcare data breaches are Change Healthcare, with 100 million individuals affected, and Kaiser Foundation Health Plan, with 13.4 million individuals affected, according to a list of the 10 largest U.S. health data breaches in 2024. While these breaches far exceeded the impact across all types of HIPAA-covered entities, healthcare providers' network servers were still a prime target for hacking or unauthorized access/disclosure, based on a search of the breach portal's data through December 30.

According to the HHS list of cases currently under investigation, the following 15 healthcare provider organizations suffered catastrophic health data breaches this year:

  1. Ascension Health, affecting 5,599,699 patients.
  2. Concentra Health Services, Inc., affecting 3,998,163 patients.
  3. Acadian Ambulance Service, Inc., affecting 2,896,985 patients.
  4. Integris Health, affecting 2,385,646 patients.
  5. Summit Pathology/Summit Pathology Laboratories, Inc., affecting 1,813,538 patients.
  6. Geisinger, affecting 1,276,026 patients.
  7. Eastern Radiologists, Inc., affecting 886,746 patients.
  8. Superior Air-Ground Ambulance Service, Inc., affecting 858,238 patients.
  9. Texas Tech University Health Sciences Center El Paso, affecting 815,000 patients.
  10. OnePoint Patient Care, affecting 795,916 patients.
  11. Ann & Robert H. Lurie Children's Hospital of Chicago, affecting 775,860 patients.
  12. Florida Department of Health, affecting 729,699 patients.
  13. OrthopedicsNY, LLP, affecting 656,086 patients.
  14. Texas Tech University Health Sciences Center, affecting 650,000 patients.
  15. Risas Dental & Braces, affecting 618,189 patients.

Of note, the federal health data breach portal does not yet contain information on an alleged massive breach of a recent cyberattack on PIH Health. The California-based health system is posting regular website updates after a December 1 cyber incident, but declined to comment on an alleged circulating ransom letter, as reported by the Whittier Daily News.

In the typewritten letter, the hackers claimed to have stolen about two terabytes of data, including 17 million patient records that contain personal and medical information, photos, patient notes and other information, according to the December 14 story.

If a forensic investigation determines that data has indeed been exposed, that would push the number of individuals affected in the top 15 data breaches targeting U.S. healthcare providers in 2024 to more than 40 million individuals.

THE LARGER TREND

UnitedHealth Group said in May that it's rebuilding Change Healthcare with cloud-based security after it was devastated by a far-reaching ransomware attack by the ALPHV ransomware gang on February 21. 

However, the massive payments clearinghouse outage not only exposed the most electronic protected health information of any healthcare data breach in history, but also dramatically hobbled patient care, leaving healthcare providers seeking to avoid treatment delays with overwhelming financial burdens.

To address the growing threat of healthcare cyberattacks, HHS and the Office for Civil Rights announced a Notice of Proposed Rulemaking on Friday to modify the Security Standards for the Protection of Electronic Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act of 2009.

Included are several new proposals that would require HIPAA-covered entities to encrypt ePHI with few exceptions, implement multifactor authentication and inventory its technology assets.

"Cyberattacks continue to impact the healthcare sector, with rampant escalation in ransomware and hacking causing significant increases in the number of large breaches reported to OCR annually," OCR Director Melanie Fontes Rainer said in a statement about the first HIPAA Security Rule update since 2013.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.

Topics: 
Compliance & Legal, Government & Policy, Privacy & Security

More regional news

Patient does a virtual care consult

Castlight Health intros virtual urgent care for members

By
Mike Miliard
April 18, 2025
HIMSSCast logo

HIMSSCast: Should every healthcare organization have an AI strategy?

By
Mike Miliard
April 18, 2025
Nurse checks tablet to communicate on shift

Zoom launches agentic AI-powered mobile comms for frontline staff

By
Andrea Fox
April 18, 2025
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Nurse checks tablet to communicate on shift
Zoom launches agentic AI-powered mobile comms for frontline staff

Most Read

Australia infuses $85M in digital mental health and more briefs
Roundup: AI and cloud tackle cyber risk and improve workflows
Chinese health players begin integrating DeepSeek
DEA's draft special telehealth reg rule should be tossed, healthcare orgs say
Oracle Health files QHIN application
Lack of AI governance poses threat to data security, new HIMSS research shows

Research

White Papers

More Whitepapers

Telehealth
Create secure, connected omnichannel communications
Telehealth
Let us guide you to HIPAA compliance
Cloud Computing
How a cloud communications platform puts connection at the center of care

Webinars

More Webinars

Analytics
Standby Eligibility and Claims Solutions: Diversify Your Risk & Ensure Business Continuity
Interoperability
Nursing Leadership, Operational Innovation, and Emerging Technologies with AONL
Artificial Intelligence
Loving the AI Revolution: How Automation is Humanizing Healthcare and Improving Provider Well-Being

Video

Ilir Kullolli, Stanford Medicine Children's Health_Las Vegas skyline Photo by halbergman/E+/Getty Images
HIMSS-ACCE working together to advance digital health
Vik Bajaj, Foresite Labs_Medical research Photo by Edward Jenner/pexels.com
Healthcare research is being affected by federal budget cuts
Priyanka Jain, Evvy_Hand holding sample vial Photo courtesy of Evvy
How one women's health startup tests fertility outcomes
Keisuke Nakagawa, UC San Diego Health_Las Vegas skyline Photo by halbergman/E+/Getty Images
Can technology help bring the human touch back to medicine?

More Stories

Lee Kim, HIMSS_Las Vegas skyline Photo by halbergman/E+/Getty Images
Past year's data breaches often stemmed from remediable cybersecurity gaps
Cathy Menkiena, Health Catalyst_Las Vegas skyline Photo by halbergman/E+/Getty Images
Innovative – and useful – tech is key to empowering care teams
Sameer Sethi of Hackensack Meridian Health on AI
Hackensack Meridian Chief AI Officer on the intersection of business and technology
Doctor checking and tracking information on a computer
HHS updates regulatory guides for the safe use of EHRs
Sameer Sethi, Hackensack Meridian Health_Computer neural network concept Photo by dan/Moment/Getty Images
Chief AI Officer on becoming one and working with the C-suite
Businessperson signing piece of paper
White House releases guidance on federal AI use and procurement
Dr. Ateev Mehrotra of Brown University School of Public Health on telehealth policy
Brown University policy expert talks about the future of telehealth flexibilities
Micky Tripathi, former HHS acting chief AI officer
Former National Coordinator headed to Mayo Clinic, reports say
Home

More News

  • MobiHealthNews
  • Healthcare Finance News
  • Healthcare Payers News

Newsletter Signup

HIMSS25 European Health Conference & Exhibition
HIMSS25 European Health Conference & Exhibition
Get ready for knowledge-sharing, all the latest innovations, and in-depth demos with Europe's most influential healthcare community.
10 - 12 June, 2025 | Paris
Learn More
AI in Healthcare Forum
AI in Healthcare Forum
The HIMSS AI in Healthcare Forum cuts through the hype to showcase real-world examples illustrating the transformative potential, and realistic challenges of AI application across the care continuum.
10 - 11 July 2025 | New York
Learn More

Footer Menu

  • About
  • Advertise
  • Reprints
  • Contact
  • Privacy Policy

© 2025 Healthcare IT News is a publication of HIMSS Media

X

Topics

  • Video
  • Analytics
  • Artificial Intelligence
  • Cloud Computing
  • EHR
  • Government & Policy
  • Interoperability
  • Patient Engagement
  • Population Health
  • Precision Medicine
  • Privacy & Security
  • Telehealth
  • Women In Health IT

Career

  • Events
  • Jobs
  • Research Papers
  • Webinars

More

  • About
  • Advertise
  • Contact
  • Special Projects
  • Video

Regions

  • ANZ
  • ASIA
  • EMEA
  • Global Edition

The Daily Brief Newsletter

Get daily news updates from Healthcare IT News.

Search form

Top Stories

Nurse checks tablet to communicate on shift
Zoom launches agentic AI-powered mobile comms for frontline staff
HIMSSCast logo
HIMSSCast: Should every healthcare organization have an AI strategy?
Vik Bajaj, Foresite Labs_Medical research Photo by Edward Jenner/pexels.com
Healthcare research is being affected by federal budget cuts