DataBreaches.Net


Bluesight’s 2025 Breach Barometer Report Reveals Surge in Healthcare Data Breaches

Posted on February 26, 2025 by Dissent

ALEXANDRIA, Va., Feb. 26, 2025 /PRNewswire/ — Bluesight, the leading provider of inventory management, procurement, and compliance solutions for health systems and hospital pharmacies, today released its 2025 Breach Barometer report. The report, featuring analysis from DataBreaches.net and Clearwater, examines data breaches over the past year affecting U.S. patient and health data, highlighting the growing challenges healthcare organizations face in securing patient data.

Key findings from the 2025 Breach Barometer include:

  • More than 300 million patient records breached in 2024, a 26% increase over 2023. This included the largest healthcare breach ever recorded, affecting 1 in 2 Americans.
  • Insider threats, hackers and third-party relationships drove breach impact in 2024, with business associates accounting for the majority of breached records (77%) in the 2024 Breach Barometer dataset.
  • Breach notifications took an average of 205 days after an incident in 2024, compared to 177 days in the previous year, leaving affected individuals unaware of the risks to their personal data.

The report highlights the growing cybersecurity challenges in healthcare, with a record-breaking 305.5 million patient records breached in 2024, compared to 171.1 million in 2023. These breaches frequently disrupted hospital operations, leading to delays, appointment cancellations, and direct harm to patient care. Insider threats, such as data snooping or improper sharing, further eroded patient trust, making reputational recovery difficult for affected healthcare providers.

“Securing patient data continues to be an issue for all healthcare facilities as the industry grapples with ongoing cybersecurity threats and notifying patients of a breach. The report serves as an important call to action for the healthcare industry to take a stronger approach to strengthening data security and protecting sensitive information,” said Kevin MacDonald, Bluesight CEO and co-founder. “By leveraging machine learning to safeguard protected health information, such as Bluesight’s patient privacy monitoring solution, healthcare organizations can focus on delivering exceptional care while protecting data, maintaining regulatory compliance, and mitigating both reputational and financial risks.”

Beyond operational and trust-related challenges, breaches also had significant financial consequences. Many healthcare organizations faced increased patient churn, as individuals sought alternative providers where available. Rising cyber insurance costs added another layer of strain, with some entities struggling to obtain coverage due to heightened risks. Additionally, hundreds of entities failed to disclose these breaches or notify patients promptly, leaving individuals exposed to prolonged risk and raising compliance concerns.

Addressing these vulnerabilities through proactive cybersecurity measures and greater transparency is critical to safeguarding patient data and reinforcing trust in the healthcare system.

Read the full 2024 Bluesight Breach Barometer Report here.

The Breach Barometer, originally developed by recently acquired Protenus, has tracked data breaches affecting U.S. patients and health data since 2016. Now under Bluesight, it will continue through the company’s patient privacy monitoring solution, which leverages machine learning to enhance the protection of protected health information (PHI) with greater accuracy and efficiency.

About Bluesight
Bluesight powers hospital operations with intelligence that simplifies inventory management, procurement, and compliance. Through its suite of industry-leading solutions, Bluesight ensures that health systems protect every patient and optimize every dollar. Over 2,400 United States and Canadian hospitals rely on Bluesight every day to have efficient and safe operations. For more information, please visit Bluesight’s website.

About DataBreaches.net
DataBreaches.net is a website devoted to reporting on data security breaches, their impact, and legislative developments relevant to protecting consumer and patient information. In addition to providing news aggregation from global sources, the site also features original investigative reporting and commentary by the site’s owner, a healthcare professional and privacy advocate who has blogged pseudonymously as “Dissent Doe” since 2006.

About Clearwater
Clearwater helps organizations across the healthcare ecosystem move to a more secure, compliant, and resilient state so they can achieve their missions. The company provides a deep pool of experts across a broad range of cybersecurity, privacy, and compliance domains, purpose-built software that enables efficient identification and management of cybersecurity and compliance risks, managed cloud services, and a 24/7 Security Operations Center with managed threat detection and response capabilities. To learn more, please visit www.clearwatersecurity.com.

SOURCE Bluesight


Category: Commentaries and Analyses, Health Data, Of Note, Subcontractor, U.S.
