News
The U.S. States with Highest Rates of Medical Data Breaches
A recent study has identified the U.S. states with the highest rates of healthcare-related data breaches over the last 15 years, their causes and the number of patients that were impacted.
According to a study commissioned by QRFY, since 2009, Connecticut reported the most healthcare data breaches per 100 health organizations. Connecticut has a breach rate of 1.5, which is 71 percent higher than the national average of 0.88.
Specifically, per the study, there were 115 breaches reported in Connecticut across its 7,680 medical organizations between 2009 and 2024. Each breach affected an average of 30,190 people; cumulatively, the breaches have affected 3.47 million Connecticut residents.
The cause of over half of the breaches in Connecticut -- as it was for the vast majority of states -- was "hacking or IT incidents."
Indiana was a close second, with a breach rate of 1.44, though its raw number of affected residents is much bigger than Connecticut's. In fact, Indiana is first in the country when it comes to the total number of compromised records since 2009 (91.53 million) and the average number of patients affected with each breach (575,655).
Rhode Island, the smallest state, rounds out the Top 3 with a breach rate of 1.39. The state has reported a total of 33 breaches across its 2,366 health organizations, affecting a total of 223,664 people (an average of 6,778 each breach).
Notably, the biggest culprit of healthcare breaches in Rhode Island is "theft."
The below tables list the Top 10 states by breach rate (Figure 1), how they compare in terms of total number of affected people and average impact per breach (Figure 2), and the breakdown of breach causes for each state (Figure 3).
To find this data, QRFY "analyzed each state's number of health data breaches reported between 2009 and 2024 to the U.S. Department of Health and Human Services, Office for Civil Rights, by comparing this with 2021 U.S. Census Bureau data on the number of firms handling health data in each state to see which state has the highest rate of health data breaches per 100 health firms."
Overall, the report identified 6,190 reported data breaches across the United States since 2009, affecting over 572 million people.
"[A] person's healthcare data is potentially some of the most intimate and individualized data available," said QRFY CEO Marc Porcar in a prepared statement. "In the right hands, this data can massively increase positive outcomes for a patient, plus it allows healthcare organizations to work efficiently. However, in the wrong hands, data breaches can put individuals at risk of invasion of privacy, harassment, and identity theft."