Healthcare continued to be plagued by hackers and data leaks in 2024, with the industry experiencing its largest-ever cyberattack in February.
Here are the most consequential healthcare data breaches of 2024, according to Becker's:
1. Change Healthcare: The ransomware attack on the UnitedHealth Group claims processing subsidiary affected an estimated 100 million Americans, making it the biggest healthcare hack in history. The event delayed payments to healthcare providers for weeks.
2. Ascension (St. Louis): The 140-hospital system experienced a ransomware attack in May, disrupting operations at its facilities around the country. The hack affected the healthcare data of an estimated 5.6 million individuals.
3. Lurie Children's Hospital of Chicago: The January cyberattack disrupted care for patients of the pediatric health system, with more than 791,000 patient records being breached.
4. Cedars-Sinai (Los Angeles): A February cyberattack on the health system led to the indictment of two Sudanese nationals, one who faces up to life in prison for the hack.
5. Kaiser Foundation Health Plan: The payer arm of the Oakland, Calif.-based health system started notifying 13.4 million current and former members in May that it inadvertently shared information with third-party advertisers.
6. Geisinger (Danville, Pa.): The health system said in June that a former Nuance employee may have accessed the personal health information of 1.2 million individuals. The ex-Nuance staffer was later indicted after allegedly being found in possession of a thumb drive with the stolen data.
7. McLaren Health Care (Grand Blanc, Mich.): The August hack caused the 13-hospital system to revert to paper records and delay patient care — McLaren's second ransomware attack in a year.
8. UMC Health System (Lubbock, Texas): The ransomware attack shut down the health system's EHR for more than two weeks.
9. Atrium Health (Charlotte, N.C.): The health system apologized to nearly 600,000 users of its patient portal in December for potentially transmitting their data to Big Tech companies.
10. PIH Health (Whittier, Calif.): Hackers threatened to release 17 million patient records from the health system unless it met their demands. PIH Health took its IT systems offline following the Dec. 1 cyberattack.