U.S. Healthcare Sector Faces Persistent Cyberattack Surge, Exposing Millions of Records
Since 2023, over 2,200 U.S. healthcare facilities have reported data breaches, highlighting critical vulnerabilities in patient record systems. While the number of affected individuals declined in 2025, dropping from 289 million in 2024 to 63 million, attack volumes remain alarmingly high, according to research by Bridewell.
California has been the hardest-hit state, with 231 breaches exposing data on more than 52 million people. In response, the state enacted Senate Bill 446, which requires organizations to notify residents within 30 days, using clear language about the exposed data and remediation steps. Texas (172 incidents) and New York (159 breaches) follow as the next most impacted states. A February 2025 intrusion at New York City Health and Hospitals Corporation resulted in the theft of Social Security numbers, medical records, and biometric data after attackers evaded detection for two months.
Kelechi Onyedebelu, Bridewell's director of security solutions presales, noted that while healthcare organizations are improving at limiting breach damage, they still struggle to prevent intrusions. The decline in affected individuals is partly attributed to faster detection and HIPAA-mandated network segmentation, which restricts attackers from moving laterally across systems.
Despite progress, 26% of healthcare organizations report low cybersecurity maturity. Major incidents persist, including a 2025 ransomware attack on Kettering Health that disrupted 14 medical centers by crippling phone lines and electronic health records. Minnesota and Georgia also face severe per-breach impacts, with Minnesota averaging 4.1 million affected individuals per incident across 48 breaches since 2023.
Source: https://securitytoday.com/articles/2026/04/28/us-healthcare-data-breach-crisis-impacts-millions.aspx
Kettering Health TPRM report: https://www.rankiteo.com/company/memorial-sloan-kettering-cancer-center
"id": "mem1777422356",
"linkid": "memorial-sloan-kettering-cancer-center",
"type": "Ransomware",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'New York, USA',
                        'name': 'New York City Health and Hospitals '
                                'Corporation',
                        'type': 'Healthcare'},
                       {'industry': 'Healthcare',
                        'location': 'USA',
                        'name': 'Kettering Health',
                        'type': 'Healthcare'},
                       {'customers_affected': '52 million',
                        'industry': 'Healthcare',
                        'location': 'California, USA',
                        'type': 'Healthcare Facilities'},
                       {'industry': 'Healthcare',
                        'location': 'Texas, USA',
                        'type': 'Healthcare Facilities'},
                       {'industry': 'Healthcare',
                        'location': 'New York, USA',
                        'type': 'Healthcare Facilities'},
                       {'customers_affected': '4.1 million per incident '
                                              '(average)',
                        'industry': 'Healthcare',
                        'location': 'Minnesota, USA',
                        'type': 'Healthcare Facilities'},
                       {'industry': 'Healthcare',
                        'location': 'Georgia, USA',
                        'type': 'Healthcare Facilities'}],
 'data_breach': {'number_of_records_exposed': 'Millions',
                 'personally_identifiable_information': ['Social Security '
                                                         'numbers',
                                                         'biometric data'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security numbers',
                                              'medical records',
                                              'biometric data']},
 'description': 'Since 2023, over 2,200 U.S. healthcare facilities have '
                'reported data breaches, highlighting critical vulnerabilities '
                'in patient record systems. California has been the '
                'hardest-hit state, with 231 breaches exposing data on more '
                'than 52 million people. Texas (172 incidents) and New York '
                '(159 breaches) follow as the next most impacted states. Major '
                'incidents include a 2025 ransomware attack on Kettering '
                'Health and a February 2025 intrusion at New York City Health '
                'and Hospitals Corporation.',
 'impact': {'data_compromised': 'Millions of records exposed, including Social '
                                'Security numbers, medical records, and '
                                'biometric data',
            'identity_theft_risk': 'High (exposure of Social Security numbers '
                                   'and biometric data)',
            'operational_impact': 'Disrupted 14 medical centers, crippled '
                                  'phone lines and electronic health records',
            'systems_affected': ['patient record systems',
                                 'electronic health records',
                                 'phone lines']},
 'lessons_learned': 'Healthcare organizations are improving at limiting breach '
                    'damage but still struggle with preventing intrusions. '
                    'Faster detection and network segmentation help reduce '
                    'impact.',
 'post_incident_analysis': {'corrective_actions': 'Network segmentation, '
                                                  'faster detection, '
                                                  'regulatory mandates (e.g., '
                                                  'Senate Bill 446)',
                            'root_causes': 'Critical vulnerabilities in '
                                           'patient record systems, low '
                                           'cybersecurity maturity (26% of '
                                           'organizations), delayed detection'},
 'references': [{'source': 'Bridewell Research'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA'],
                           'regulatory_notifications': 'Senate Bill 446 '
                                                       '(California)'},
 'response': {'communication_strategy': 'Senate Bill 446 mandates notification '
                                        'within 30 days using clear language '
                                        'about exposed data and remediation '
                                        'steps',
              'network_segmentation': 'HIPAA-mandated network segmentation to '
                                      'restrict lateral movement'},
 'title': 'U.S. Healthcare Sector Faces Persistent Cyberattack Surge, Exposing '
          'Millions of Records',
 'type': ['data_breach', 'ransomware']}