Healthcare data breaches in 2023 have reached alarming levels [4], with over 71.4 million individuals’ protected health information (PHI) compromised [4]. This has raised concerns about the security of patient data and the need for improved measures to protect sensitive information.


In 2023 [1] [2] [3] [4], there has been a significant increase in the number of people affected by health data breaches [2], with over 88 million individuals impacted [2] [3] [4], representing a 60% year-on-year increase [1]. The majority of these breaches [1] [2], accounting for 77% [3], are caused by cyberattacks [2], particularly hacking incidents. Recent research shows that 60% of healthcare organizations have experienced a ransomware breach in the last year [1], with data successfully encrypted in 75% of cases [1]. One notable example is the ransomware attack on Doctors’ Management Services [2], which compromised the health information of over 200,000 individuals [2]. Cyberattacks have also targeted hospitals, with over 220 affected in the first half of 2023, including HCA Healthcare, the nation’s largest for-profit hospital system [2], potentially impacting 11 million individuals [2].

The value of private health information makes healthcare organizations attractive targets for hackers [2], who often demand ransom payments [2]. However, federal authorities advise against paying these demands [2]. Large breaches reported to the HHS Office of Civil Rights have risen significantly over the past four years, with a 239% increase [2]. The average cost of a health data breach is nearly $11 million [2].

Cybersecurity experts are warning about the risks cyberattacks pose to patient care [2], and guidelines have been published for hospitals and health systems to respond to such attacks and continue providing care without key electronic systems for weeks [2]. Immediate action is necessary to safeguard patient data and well-being [1].


The alarming increase in healthcare data breaches highlights the urgent need for improved security measures in the healthcare industry. Inadequate mobile device security has been identified as a major contributing factor to these breaches, expanding the attack surface and increasing the likelihood of cyber incidents [4]. It is crucial to protect sensitive patient data and mitigate the risks cyberattacks pose to patient care. The impacts of these breaches are significant, with millions of individuals’ information compromised and substantial financial costs incurred. Moving forward, it is essential for healthcare organizations to prioritize cybersecurity and implement robust measures to safeguard patient data and well-being.