DataBreaches.Net


Bluesight’s 2025 Breach Barometer Report Reveals Surge in Healthcare Data Breaches

Posted on February 26, 2025 by Dissent

ALEXANDRIA, Va., Feb. 26, 2025 /PRNewswire/ — Bluesight, the leading provider of inventory management, procurement, and compliance solutions for health systems and hospital pharmacies, today released its 2025 Breach Barometer report. The report, featuring analysis from DataBreaches.net and Clearwater, examines data breaches over the past year affecting U.S. patient and health data, highlighting the growing challenges healthcare organizations face in securing patient data.

Key findings from the 2025 Breach Barometer include:

  • More than 300 million patient records breached in 2024, a 26% increase over 2023. This included the largest healthcare breach ever recorded, affecting 1 in 2 Americans.
  • Insider threats, hackers and third-party relationships drove breach impact in 2024, with business associates accounting for the majority of breached records (77%) in the 2024 Breach Barometer dataset.
  • Breach notifications took an average of 205 days after an incident in 2024, compared to 177 days in the previous year, leaving affected individuals unaware of the risks to their personal data.

The report highlights the growing cybersecurity challenges in healthcare, with a record-breaking 305.5 million patient records breached in 2024, compared to 171.1 million in 2023. These breaches frequently disrupted hospital operations, leading to delays, appointment cancellations, and direct harm to patient care. Insider threats, such as data snooping or improper sharing, further eroded patient trust, making reputational recovery difficult for affected healthcare providers.

“Securing patient data continues to be an issue for all healthcare facilities as the industry grapples with ongoing cybersecurity threats and notifying patients of a breach. The report serves as an important call to action for the healthcare industry to take a stronger approach to strengthening data security and protecting sensitive information,” said Kevin MacDonald, Bluesight CEO and co-founder. “By leveraging machine learning to safeguard protected health information, such as Bluesight’s patient privacy monitoring solution, healthcare organizations can focus on delivering exceptional care while protecting data, maintaining regulatory compliance, and mitigating both reputational and financial risks.”

Beyond operational and trust-related challenges, breaches also had significant financial consequences. Many healthcare organizations faced increased patient churn, as individuals sought alternative providers where available. Rising cyber insurance costs added another layer of strain, with some entities struggling to obtain coverage due to heightened risks. Additionally, hundreds of entities failed to disclose these breaches or notify patients promptly, leaving individuals exposed to prolonged risk and raising compliance concerns.

Addressing these vulnerabilities through proactive cybersecurity measures and greater transparency is critical to safeguarding patient data and reinforcing trust in the healthcare system.

Read the full 2024 Bluesight Breach Barometer Report here.

The Breach Barometer, originally developed by recently acquired Protenus, has tracked data breaches affecting U.S. patients and health data since 2016. Now under Bluesight, it will continue through the company’s patient privacy monitoring solution, which leverages machine learning to enhance the protection of protected health information (PHI) with greater accuracy and efficiency.

About Bluesight
Bluesight powers hospital operations with intelligence that simplifies inventory management, procurement, and compliance. Through its suite of industry-leading solutions, Bluesight ensures that health systems protect every patient and optimize every dollar. Over 2,400 United States and Canadian hospitals rely on Bluesight every day to have efficient and safe operations. For more information, please visit Bluesight’s website.

About DataBreaches.net
DataBreaches.net is a website devoted to reporting on data security breaches, their impact, and legislative developments relevant to protecting consumer and patient information. In addition to providing news aggregation from global sources, the site also features original investigative reporting and commentary by the site’s owner, a healthcare professional and privacy advocate who has blogged pseudonymously as “Dissent Doe” since 2006.

About Clearwater
Clearwater helps organizations across the healthcare ecosystem move to a more secure, compliant, and resilient state so they can achieve their missions. The company provides a deep pool of experts across a broad range of cybersecurity, privacy, and compliance domains, purpose-built software that enables efficient identification and management of cybersecurity and compliance risks, managed cloud services, and a 24/7 Security Operations Center with managed threat detection and response capabilities. To learn more, please visit www.clearwatersecurity.com.

SOURCE Bluesight

Category: Commentaries and Analyses, Health Data, Of Note, Subcontractor, U.S.
