Over 1.1 million patient records exposed in Maryland, California ransomware incidents

In 2024, healthcare organizations in the US faced a surge in data breaches, with over 300 million patient records compromised—a 26% increase from the previous year. Major incidents included a ransomware attack on Ascension Health, impacting nearly 5.6 million records, and a breach at Frederick Health affecting over 934,000 individuals. Ransomware and hacking accounted for the vast majority of breaches, and third-party vendors were implicated in many cases, highlighting vulnerabilities in business associate relationships. Breaches often exposed highly sensitive information such as Social Security numbers, medical records, and clinical data, and notification delays averaged over 200 days. Healthcare organizations are now implementing enhanced prevention measures and offering affected individuals credit monitoring, but the frequency and scale of attacks underscore ongoing risks to patient privacy. Experts stress the need for stronger risk management and oversight of both internal practices and third-party partners.