A new study shows ransomware attacks accounted for 69% of all patient records compromised in 2024.
A new study led by researchers from Michigan State University, Yale University, and Johns Hopkins University reveals that ransomware attacks (in which an attacker encrypts a victim's files and then demands a ransom to unlock them) have become the primary driver of health care data breaches in the United States, compromising 285 million patient records over 15 years.
Published May 14 in JAMA Network Open, the study provides a comprehensive analysis of ransomware’s role in health care breaches across all entities covered by privacy laws—hospitals, physician practices, health plans, and data clearinghouses—from 2010 to 2024.
“Ransomware has become the most disruptive force in health care cybersecurity,” says John (Xuefeng) Jiang, PhD, Eli Broad Endowed Professor of accounting and information systems in the MSU Broad College of Business and lead author of the study, in a release. “Hospitals have been forced to delay care, shut down systems, and divert patients—all while sensitive patient data is held hostage.”
The study found that although ransomware accounted for just 11% of breaches in 2024 by number, those attacks alone were responsible for 69% of all patient records compromised that year. Since 2010, ransomware incidents have contributed to the exposure of 285 million patient records—many of which likely involve multiple breaches of the same individuals.
In addition to Jiang, the research team includes Joseph Ross, MD, MHS, professor at the Yale School of Medicine, and Ge Bai, PhD, CPA, former doctoral student in the MSU Broad College of Business and now professor of accounting and health policy at Johns Hopkins University.
Ransomware Breaches Surge from Zero in 2010
Key findings of the study include:
- Ransomware breaches increased from 0 in 2010 to 222 in 2021, accounting for nearly a third of all major health care breaches that year.
- The overall share of breaches caused by hacking or information technology incidents surged from 4% in 2010 to 81% in 2024.
- Of the 732 million total patient records exposed between 2010 and 2024, 88% (643 million records) were linked to hacking-related incidents, including 39% (285 million) specifically from ransomware.
These numbers likely underestimate the true extent of the problem due to underreporting, reluctance to disclose ransom payments, and the exclusion of smaller breaches affecting fewer than 500 individuals, note the researchers.
“Ransomware attacks expose just how fragile our digital health infrastructure has become. Healthcare organizations operate under immense pressure, and ransomware attacks don’t just breach patient privacy—they disrupt service delivery, erode trust, and lead to personnel spending time, effort, and expense on activities that do not improve patient care,” says Ross in a release.
This new research builds on the team’s prior work documenting the scope and causes of data breaches in the health sector. Earlier studies showed that internal errors by health care providers—not hackers—were responsible for more than half of all breaches, including misdirected emails, lost devices, and unauthorized employee access. In a 2020 study, the team classified the specific types of information leaked in health care breaches, finding that over 70% of breaches compromised sensitive demographic or financial data—such as Social Security numbers, birthdates, and bank accounts—that could lead to identity theft or financial fraud. In contrast, breaches involving sensitive medical information, such as mental health or cancer diagnoses, were far less frequent.
“Whether it’s insiders making mistakes or criminal groups deploying ransomware, the effect on patients is the same: their most personal data is at risk,” says Bai in a release. “By understanding what’s being targeted, we can help health care organizations strengthen their defenses.”
Regulatory Actions to Mitigate Ransomware Risks
The researchers suggest several steps federal regulators can take to reduce future risks:
- Require hospitals and insurers to report whether ransomware was involved in a breach.
- Update breach severity assessments to reflect not just how many records were compromised, but how much care was disrupted.
- Monitor cryptocurrency flows to make ransom payments harder for attackers to collect.
“Health care providers have limited cybersecurity resources, so it’s essential to focus protection on the most sensitive types of information,” says Jiang in a release. “The solutions are within reach—what we need now is coordination, transparency, and urgency.”