supernav-iconJoin Us at AWS re:Invent 2024

Contact Sales

  • Sign In
  • Get Started
HomeBlogStates Most Impacted by Healthcare Data Breaches

States Most Impacted by Healthcare Data Breaches in 2022

Drata analyzed Department of Health and Human Services data to determine which states felt the largest effects from healthcare data breaches in 2022.
Dom DiFurio

by Dom DiFurio

July 20, 2023
Healthcare Breach States - Header
Contents
Hacking and IT Incidents Dominate Reasons Sensitive Information Was Breached at Healthcare Organizations in 2022
image31

It starts with an often-paralyzing attack on computer systems. Doctors scramble to notify patients awaiting surgery that their procedures have been delayed due to a ransomware attack.

Sometimes a single cyberattack can impact hospitals across multiple states, as was the case when hackers targeted CommonSpirit Health in October 2022. Just one reported case of ransomware has allegedly led to the death of a patient. More often, patients' sensitive information is served up to a market of seedy individuals around the world ready to cash in on someone else's identity.

Drata analyzed Department of Health and Human Services data to determine which states felt the largest impacts due to healthcare data breaches in 2022. The total number of individuals affected by all healthcare data breaches in each state reported to HHS was normalized as a rate per 10,000 people. Data was not available for Alaska, Idaho, and Washington D.C.

The HITECH Act, signed into federal law in 2009, requires companies to report the breach of protected health information affecting 500 or more people to HHS. Around 38.5 million people in total were affected in some way by the incidents reported to HHS last year. Unfortunately, the data does not make it possible to know how many people may have been affected by more than one breach.

Healthcare institutions are among the most targeted businesses in the world, chiefly because they hold such sensitive information about the patients they serve. Hospitals, home health agencies, and other institutions store patients' phone numbers, Social Security numbers, addresses, and other things that would allow any would-be criminal to pose as a patient and open new credit cards or bank accounts in their name.

In fact, roughly 44% of all reported identity theft in 2022 resulted in a fraudulent credit card account being opened, according to Federal Trade Commission data. The agency received a record number of fraud reports in 2021, with the total fraud reports for 2022 coming in on par with 2020. The years 2020 and 2021 marked an important pivot in how consumers shared their personal information, with the adoption of digital banking and retail shopping driven to modern highs as a result of the COVID-19 pandemic.

In 2022, the FBI's Internet Crime Complaint Center received millions of complaints of cybercrime with losses totaling $10.3 billion. It can take time—even years—for personal information compromised in a data breach to be used for a crime that brings the event to the attention of the FBI.

But the pandemic also drove a rise in cyberattacks on hospitals and other healthcare businesses. And a good deal of that sensitive information begins its journey into nefarious hands when a hacker illegally accesses information at a healthcare institution.

image3

Hacking and IT Incidents Dominate Reasons Sensitive Information Was Breached at Healthcare Organizations in 2022

Sometimes an employee's oversight in crafting an email with the wrong link or attachment can allow unauthorized access to private information, as happened in Wisconsin's Department of Health and Human Services last year. However, the vast majority of data breaches at these companies happen through hacking and IT incidents.

Most often, hackers accomplish this with malware that locks up the data until the victim organization pays the attacker a ransom. The federal government recommends against paying ransoms because companies cannot guarantee that a copy of the data won't be sold to criminals anyway after the ransom is paid, and therefore paying is thought to encourage more of the behavior.

In the top five states where the largest portion of the population was impacted by data breaches at healthcare organizations last year, all most commonly saw data breaches resulting from hacking.

image5

48. Mississippi

- People affected per 10,000 residents: 0.4 - Breaches reported: 1 - Most common type of breach: Unauthorized Access/Disclosure

image12

47. Iowa

- People affected per 10,000 residents: 0.5 - Breaches reported: 1 - Most common type of breach: Hacking/IT Incident

image24

46. Wyoming

- People affected per 10,000 residents: 2.8 - Breaches reported: 1 - Most common type of breach: Unauthorized Access/Disclosure

image13

45. Virginia

- People affected per 10,000 residents: 6.3 - Breaches reported: 20 - Most common type of breach: Hacking/IT Incident

image48

44. South Dakota

- People affected per 10,000 residents: 7.4 - Breaches reported: 3 - Most common type of breach: Hacking/IT Incident

image32

43. Nevada

- People affected per 10,000 residents: 8.1 - Breaches reported: 3 - Most common type of breach: Hacking/IT Incident

image2

42. Maine

- People affected per 10,000 residents: 8.6 - Breaches reported: 1 - Most common type of breach: Hacking/IT Incident

image26

41. Nebraska

- People affected per 10,000 residents: 11.2 - Breaches reported: 6 - Most common type of breach: Hacking/IT Incident

image29

40. Connecticut

- People affected per 10,000 residents: 13.2 - Breaches reported: 7 - Most common type of breach: Hacking/IT Incident

image34

39. Minnesota

- People affected per 10,000 residents: 13.3 - Breaches reported: 6 - Most common type of breach: Hacking/IT Incident

image50

38. Florida

- People affected per 10,000 residents: 13.7 - Breaches reported: 23 - Most common type of breach: Hacking/IT Incident

image37

37. South Carolina

- People affected per 10,000 residents: 16.8 - Breaches reported: 5 - Most common type of breach: Hacking/IT Incident

image20

36. Maryland

- People affected per 10,000 residents: 17.1 - Breaches reported: 11 - Most common type of breach: Hacking/IT Incident

image51

35. New Mexico

- People affected per 10,000 residents: 21 - Breaches reported: 1 - Most common type of breach: Hacking/IT Incident

image1

34. Delaware

- People affected per 10,000 residents: 21.6 - Breaches reported: 3 - Most common type of breach: Hacking/IT Incident

image14

33. Rhode Island

- People affected per 10,000 residents: 22.7 - Breaches reported: 5 - Most common type of breach: Hacking/IT Incident

image9

32. Ohio

- People affected per 10,000 residents: 24.3 - Breaches reported: 20 - Most common type of breach: Hacking/IT Incident

image30

31. New Jersey

- People affected per 10,000 residents: 29.1 - Breaches reported: 22 - Most common type of breach: Hacking/IT Incident

image12

30. Georgia

- People affected per 10,000 residents: 29.3 - Breaches reported: 17 - Most common type of breach: Hacking/IT Incident

image21

29. Arkansas

- People affected per 10,000 residents: 29.4 - Breaches reported: 4 - Most common type of breach: Hacking/IT Incident

image33

28. Hawaii

- People affected per 10,000 residents: 40.9 - Breaches reported: 3 - Most common type of breach: Hacking/IT Incident

image38

27. Utah

- People affected per 10,000 residents: 41.1 - Breaches reported: 4 - Most common type of breach: Hacking/IT Incident

image11

26. Missouri

- People affected per 10,000 residents: 44.5 - Breaches reported: 9 - Most common type of breach: Hacking/IT Incident

image17

25. California

- People affected per 10,000 residents: 49.4 - Breaches reported: 31 - Most common type of breach: Hacking/IT Incident

image10

24. Alabama

- People affected per 10,000 residents: 59.5 - Breaches reported: 5 - Most common type of breach: Hacking/IT Incident

image45

23. Kansas

- People affected per 10,000 residents: 76.2 - Breaches reported: 8 - Most common type of breach: Hacking/IT Incident

image19

22. New York

- People affected per 10,000 residents: 81.8 - Breaches reported: 43 - Most common type of breach: Hacking/IT Incident

image41

21. Tennessee

- People affected per 10,000 residents: 83.5 - Breaches reported: 11 - Most common type of breach: Hacking/IT Incident

image39

20. Louisiana

- People affected per 10,000 residents: 87.4 - Breaches reported: 3 - Most common type of breach: Hacking/IT Incident

image38

19. North Carolina

- People affected per 10,000 residents: 87.9 - Breaches reported: 18 - Most common type of breach: Hacking/IT Incident

image49

18. Vermont

- People affected per 10,000 residents: 91.8 - Breaches reported: 1 - Most common type of breach: Hacking/IT Incident

image46

17. Oregon

- People affected per 10,000 residents: 94.5 - Breaches reported: 6 - Most common type of breach: Hacking/IT Incident

image47

16. Oklahoma

- People affected per 10,000 residents: 97.8 - Breaches reported: 4 - Most common type of breach: Hacking/IT Incident

image22

15. New Hampshire

- People affected per 10,000 residents: 116.8 - Breaches reported: 8 - Most common type of breach: Hacking/IT Incident

image4

14. Washington

- People affected per 10,000 residents: 136.6 - Breaches reported: 18 - Most common type of breach: Hacking/IT Incident

image27

13. Texas

- People affected per 10,000 residents: 139.7 - Breaches reported: 40 - Most common type of breach: Hacking/IT Incident

image16

12. Kentucky

- People affected per 10,000 residents: 140.3 - Breaches reported: 3 - Most common type of breach: Hacking/IT Incident

image18

11. Illinois

- People affected per 10,000 residents: 188.5 - Breaches reported: 21 - Most common type of breach: Hacking/IT Incident

image35

10. Montana

- People affected per 10,000 residents: 196.1 - Breaches reported: 2 - Most common type of breach: Hacking/IT Incident

image7

9. Michigan

- People affected per 10,000 residents: 208.6 - Breaches reported: 21 - Most common type of breach: Hacking/IT Incident

image8

8. Arizona

- People affected per 10,000 residents: 213.2 - Breaches reported: 9 - Most common type of breach: Hacking/IT Incident

image42

7. Pennsylvania

- People affected per 10,000 residents: 232.8 - Breaches reported: 27 - Most common type of breach: Hacking/IT Incident

image23

6. Indiana

- People affected per 10,000 residents: 306.1 - Breaches reported: 14 - Most common type of breach: Hacking/IT Incident

image36

5. Massachusetts

- People affected per 10,000 residents: 335.5 - Breaches reported: 13 - Most common type of breach: Hacking/IT Incident

image15

4. Colorado

- People affected per 10,000 residents: 395.8 - Breaches reported: 9 - Most common type of breach: Hacking/IT Incident

image26

3. North Dakota

- People affected per 10,000 residents: 655.2 - Breaches reported: 1 - Most common type of breach: Hacking/IT Incident

image43

2. West Virginia

- People affected per 10,000 residents: 703.9 - Breaches reported: 7 - Most common type of breach: Hacking/IT Incident

image25

1. Wisconsin

- People affected per 10,000 residents: 743.2 - Breaches reported: 9 - Most common type of breach: Hacking/IT Incident

Trusted Newsletter
Resources for you
Cybersecurity Issues in Healthtech

5 Cybersecurity Challenges in Healthtech + How to Address Them

What You Need to Know About the New Cybersecurity Strategy - Thumbnail

What You Need to Know About the New National Cybersecurity Strategy

Demand for Cybersecurity Talent

Demand for Cybersecurity Analysts Is Growing Twice as Fast as the Workforce

AI and New Technologies List

How Machine Learning and New AI Technologies Could Change the Cybersecurity Landscape

Dom DiFurio
Dom DiFurio
Data Journalist
Related Resources
Cybersecurity Issues in Healthtech

5 Cybersecurity Challenges in Healthtech + How to Address Them

What You Need to Know About the New Cybersecurity Strategy - Thumbnail

What You Need to Know About the New National Cybersecurity Strategy

Demand for Cybersecurity Talent

Demand for Cybersecurity Analysts Is Growing Twice as Fast as the Workforce

AI and New Technologies List

How Machine Learning and New AI Technologies Could Change the Cybersecurity Landscape