As first reported by The Business Journal, a staggering 198% increase in healthcare data breaches in the U.S. was recorded between 2023 and 2024, according to a new study by web hosting firm KnownHost. The number of reported incidents surged from 149 to 444, exposing the personal health information of over 328 million individuals—a figure that nearly matches the entire U.S. population. The study, based on data from the U.S. Department of Health and Human Services Office for Civil Rights, spans incidents reported from February 2023 to April 2025.
The data highlights a critical vulnerability in the healthcare sector’s digital infrastructure. Minnesota led the nation in records compromised, with 191 million records exposed across just 21 breaches, averaging over 9 million per incident. California followed closely, with 22.6 million records breached, including a high-profile case where 13.4 million patients’ data were inadvertently shared with platforms like Google, Bing, and X due to a misconfiguration.
Other heavily impacted states included Texas (67 breaches), New York (60), and Illinois (55). In contrast, states like Vermont and Wyoming reported no breaches, while Nevada and the District of Columbia reported only one and two incidents respectively. Notably, 675 of the 807 total breaches nationwide were attributed to hacking and IT-related incidents, while another 110 were caused by unauthorized internal access or disclosure, pointing to risks both outside and inside healthcare organizations.
KnownHost CEO Daniel Pearson stressed the urgent need for healthcare providers to adopt modern, proactive cybersecurity measures, such as HIPAA-compliant hosting, end-to-end encryption, and mandatory staff security training. As healthcare becomes increasingly reliant on digital platforms, these defenses are essential to prevent further mass exposures and protect sensitive patient information.
The exponential rise in healthcare data breaches across the U.S. paints a troubling picture of digital vulnerability in a sector that touches nearly every American. With hundreds of millions of personal records compromised, the industry must rapidly evolve its cybersecurity posture to address both external threats and internal weaknesses—before the next breach strikes.
