DataBreaches.Net


Bluesight’s 2025 Breach Barometer Report Reveals Surge in Healthcare Data Breaches

Posted on February 26, 2025 by Dissent

ALEXANDRIA, Va., Feb. 26, 2025 /PRNewswire/ — Bluesight, the leading provider of inventory management, procurement, and compliance solutions for health systems and hospital pharmacies, today released its 2025 Breach Barometer report. The report, featuring analysis from DataBreaches.net and Clearwater, examines data breaches over the past year affecting U.S. patient and health data, highlighting the growing challenges healthcare organizations face in securing patient data.

Key findings from the 2025 Breach Barometer include:

  • More than 300 million patient records breached in 2024, a 26% increase over 2023. This included the largest healthcare breach ever recorded, affecting 1 in 2 Americans.
  • Insider threats, hackers and third-party relationships drove breach impact in 2024, with business associates accounting for the majority of breached records (77%) in the 2024 Breach Barometer dataset.
  • Breach notifications took an average of 205 days after an incident in 2024, compared to 177 days in the previous year, leaving affected individuals unaware of the risks to their personal data.

The report highlights the growing cybersecurity challenges in healthcare, with a record-breaking 305.5 million patient records breached in 2024, compared to 171.1 million in 2023. These breaches frequently disrupted hospital operations, leading to delays, appointment cancellations, and direct harm to patient care. Insider threats, such as data snooping or improper sharing, further eroded patient trust, making reputational recovery difficult for affected healthcare providers.

“Securing patient data continues to be an issue for all healthcare facilities as the industry grapples with ongoing cybersecurity threats and notifying patients of a breach. The report serves as an important call to action for the healthcare industry to take a stronger approach to strengthening data security and protecting sensitive information,” said Kevin MacDonald, Bluesight CEO and co-founder. “By leveraging machine learning to safeguard protected health information, such as Bluesight’s patient privacy monitoring solution, healthcare organizations can focus on delivering exceptional care while protecting data, maintaining regulatory compliance, and mitigating both reputational and financial risks.”

Beyond operational and trust-related challenges, breaches also had significant financial consequences. Many healthcare organizations faced increased patient churn, as individuals sought alternative providers where available. Rising cyber insurance costs added another layer of strain, with some entities struggling to obtain coverage due to heightened risks. Additionally, hundreds of entities failed to disclose these breaches or notify patients promptly, leaving individuals exposed to prolonged risk and raising compliance concerns.

Addressing these vulnerabilities through proactive cybersecurity measures and greater transparency is critical to safeguarding patient data and reinforcing trust in the healthcare system.

Read the full 2024 Bluesight Breach Barometer Report here.

The Breach Barometer, originally developed by recently acquired Protenus, has tracked data breaches affecting U.S. patients and health data since 2016. Now under Bluesight, it will continue through the company’s patient privacy monitoring solution, which leverages machine learning to enhance the protection of protected health information (PHI) with greater accuracy and efficiency.

About Bluesight
Bluesight powers hospital operations with intelligence that simplifies inventory management, procurement, and compliance. Through its suite of industry-leading solutions, Bluesight ensures that health systems protect every patient and optimize every dollar. Over 2,400 United States and Canadian hospitals rely on Bluesight every day to have efficient and safe operations. For more information, please visit Bluesight’s website.

About DataBreaches.net
DataBreaches.net is a website devoted to reporting on data security breaches, their impact, and legislative developments relevant to protecting consumer and patient information. In addition to providing news aggregation from global sources, the site also features original investigative reporting and commentary by the site’s owner, a healthcare professional and privacy advocate who has blogged pseudonymously as “Dissent Doe” since 2006.

About Clearwater
Clearwater helps organizations across the healthcare ecosystem move to a more secure, compliant, and resilient state so they can achieve their missions. The company provides a deep pool of experts across a broad range of cybersecurity, privacy, and compliance domains, purpose-built software that enables efficient identification and management of cybersecurity and compliance risks, managed cloud services, and a 24/7 Security Operations Center with managed threat detection and response capabilities. To learn more, please visit www.clearwatersecurity.com.

SOURCE Bluesight

Category: Commentaries and Analyses, Health Data, Of Note, Subcontractor, U.S.

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.