Over the past decade, U.S. healthcare has been under near-constant cyber siege.

According to a new analysis by RiskRecon, 37% of all publicly reported data breaches in the U.S. from 2015 to 2024 were attributed to healthcare organizations. That’s more than education, finance, and government—combined.

What’s driving this alarming trend?

Healthcare organizations are entrusted with life-critical systems and deeply sensitive data. And they operate sprawling, complex IT environments often supported by a vast network of third parties. This combination makes them both highly attractive to attackers and incredibly difficult to secure.

Breaches are Decreasing—But Risk Remains

While the overall number of publicly reported U.S. breaches dropped 40% from 2023 to 2024, healthcare still accounted for over one-third of all events. Notably, 28% of the 14,583 healthcare entities monitored in the study experienced at least one breach between 2015 and 2024.

Certain subsectors fare even worse:

  • Ambulance services had a 62% breach rate.

  • Insurance and benefits providers followed with 50%.

  • Hospitals reported a 49% breach event frequency.

Who's Behind the Attacks?

In 2023 alone, 62% of breaches were caused by external actors—nearly double the percentage from 2015. Meanwhile, insider-sourced breaches dropped dramatically, accounting for just 4% of cases.

The takeaway: attackers are exploiting system vulnerabilities and weak external defenses, often through third-party vendors. In fact, vendor-related breaches grew from 19% in 2015 to 34% in 2023.

A Proven Path Forward

Here’s the good news: the data clearly shows that cybersecurity hygiene matters.

Healthcare organizations rated “A” for hygiene by RiskRecon experienced a breach rate 4.4x lower than those rated “C,” “D,” or “F.” The worst-performing organizations had:

  • 12x more high/critical software vulnerabilities

  • 7x more unsafe services (like RDP or open databases)

  • 15x more encryption misconfigurations

Even more encouraging: organizations that were previously breached have significantly improved. The average number of high-severity issues dropped by more than 3x post-breach.

How RiskRecon Helps

RiskRecon empowers healthcare organizations to proactively manage cyber hygiene through continuous, outside-in risk assessments. Our platform distills vast attack surface data into clear ratings, helping organizations:

  • Identify and prioritize high-risk issues

  • Benchmark third-party performance

  • Drive improvement across the ecosystem
