ALEXANDRIA, Va., Feb. 26, 2025 /PRNewswire/ — Bluesight, the leading provider of inventory management, procurement, and compliance solutions for health systems and hospital pharmacies, today released its 2025 Breach Barometer report. The report, featuring analysis from DataBreaches.net and Clearwater, examines data breaches over the past year affecting U.S. patient and health data, highlighting the growing challenges healthcare organizations face in securing patient data.
Key findings from the 2025 Breach Barometer include:
- More than 300 million patient records breached in 2024, a 26% increase over 2023. This included the largest healthcare breach ever recorded, affecting 1 in 2 Americans.
- Insider threats, hackers and third-party relationships drove breach impact in 2024, with business associates accounting for the majority of breached records (77%) in the 2024 Breach Barometer dataset.
- Breach notifications took an average of 205 days after an incident in 2024, compared to 177 days in the previous year, leaving affected individuals unaware of the risks to their personal data.
The report highlights the growing cybersecurity challenges in healthcare, with a record-breaking 305.5 million patient records breached in 2024, compared to 171.1 million in 2023. These breaches frequently disrupted hospital operations, leading to delays, appointment cancellations, and direct harm to patient care. Insider threats, such as data snooping or improper sharing, further eroded patient trust, making reputational recovery difficult for affected healthcare providers.
“Securing patient data continues to be an issue for all healthcare facilities as the industry grapples with ongoing cybersecurity threats and notifying patients of a breach. The report serves as an important call to action for the healthcare industry to take a stronger approach to strengthening data security and protecting sensitive information,” said Kevin MacDonald, Bluesight CEO and co-founder. “By leveraging machine learning to safeguard protected health information, such as Bluesight’s patient privacy monitoring solution, healthcare organizations can focus on delivering exceptional care while protecting data, maintaining regulatory compliance, and mitigating both reputational and financial risks.”
Beyond operational and trust-related challenges, breaches also had significant financial consequences. Many healthcare organizations faced increased patient churn, as individuals sought alternative providers where available. Rising cyber insurance costs added another layer of strain, with some entities struggling to obtain coverage due to heightened risks. Additionally, hundreds of entities failed to disclose these breaches or notify patients promptly, leaving individuals exposed to prolonged risk and raising compliance concerns.
Addressing these vulnerabilities through proactive cybersecurity measures and greater transparency is critical to safeguarding patient data and reinforcing trust in the healthcare system.
Read the full 2024 Bluesight Breach Barometer Report here.
The Breach Barometer, originally developed by recently acquired Protenus, has tracked data breaches affecting U.S. patients and health data since 2016. Now under Bluesight, it will continue through the company’s patient privacy monitoring solution, which leverages machine learning to enhance the protection of protected health information (PHI) with greater accuracy and efficiency.
About Bluesight
Bluesight powers hospital operations with intelligence that simplifies inventory management, procurement, and compliance. Through its suite of industry-leading solutions, Bluesight ensures that health systems protect every patient and optimize every dollar. Over 2,400 United States and Canadian hospitals rely on Bluesight every day to have efficient and safe operations. For more information, please visit Bluesight’s website.
About DataBreaches.net
DataBreaches.net is a website devoted to reporting on data security breaches, their impact, and legislative developments relevant to protecting consumer and patient information. In addition to providing news aggregation from global sources, the site also features original investigative reporting and commentary by the site’s owner, a healthcare professional and privacy advocate who has blogged pseudonymously as “Dissent Doe” since 2006.
About Clearwater
Clearwater helps organizations across the healthcare ecosystem move to a more secure, compliant, and resilient state so they can achieve their missions. The company provides a deep pool of experts across a broad range of cybersecurity, privacy, and compliance domains, purpose-built software that enables efficient identification and management of cybersecurity and compliance risks, managed cloud services, and a 24/7 Security Operations Center with managed threat detection and response capabilities. To learn more, please visit www.clearwatersecurity.com.
SOURCE Bluesight