Study Finds Hacking Behind 88% of Patient Record Breaches

Hacking Dominates Health Care Breaches as Kettering Health Hit by Ransomware 

  • 88% of breached patient records since 2010 were due to hacking or IT incidents. 
  • Data breaches doubled by 2024, with 91% of affected records tied to hacking. 
  • Ransomware peaked in 2021 but still drives most major breaches. 
  • Kettering Health’s May 20 attack shows the threat remains active and disruptive.


88% of Breached Patient Records Linked to Hacking Incidents 

New research published in JAMA Network in May 2025 provides the most comprehensive analysis to date of ransomware and data breaches in U.S. health care systems. The study examined 6,468 data breaches reported from 2010 to 2024 across all HIPAA-covered entities. 

Six Critical Insights from New Study on PHI Breaches: 

  1. Protected Health Information (PHI) data breaches have more than doubled.
    In 2010, the U.S. Department of Health and Human Services (HHS) recorded 216 breaches affecting 500 or more patient records. By 2024, that number more than doubled to 566.  
  2. Hacking and IT Incidents now dominate breaches.
    In 2010, only 4% of breaches (8 of 216) were tied to hacking or IT incidents. By 2024, that figure had skyrocketed to 81% (457 of 566).
  3. The number of affected patient records has exploded.
    In 2010, breaches affected 6 million records. By 2024, that number had grown to 170 million. Hacking was responsible for just 2% of those compromised records in 2010, compared to 91% in 2024.
  4. Most exposed records are tied to hacking and ransomware.
    Between 2010 and 2024, 732 million patient records were breached. Of these, 88% (643 million) were attributed to hacking or IT incidents, while 39% (285 million) were specifically linked to ransomware.
  5. Ransomware has impacted more than half of all patients affected by data breaches since 2020.
    In 2024 alone, 69% of affected patients were tied to ransomware incidents. This includes the ransomware attack on Change Healthcare, which resulted in $2.4 billion in response costs, operational paralysis across hospitals, and compromised the data of 100 million patients.
  6. Ransomware peaked in 2021, but it hasn’t gone away.
    Ransomware attacks were nonexistent in 2010. By 2021, they peaked at 31% of all breaches (222 of 715). While that number dropped to 11% in 2024 (61 of 566), the risk is far from over, as this week’s cyberattack on Kettering Health shows.

Kettering Health Ransomware Attack Highlights Ongoing Threat

On May 20, Kettering Health reported a cyberattack that was causing a “system-wide technology outage” at the network’s 14 medical centers in Ohio, disrupting the call center, and leading to the cancellation of elective inpatient and outpatient procedures.  

According to a ransom note sent to Kettering Health, ransomware was deployed on its computer network. “Your network was compromised, and we have secured your most vital files,” the note stated. The note threatened to leak data allegedly stolen from Kettering Health online if the health network did not begin negotiating an extortion fee. 

Kettering Health has also confirmed reports of scam calls from individuals posing as Kettering Health team members and asking patients for credit card payments for medical expenses. 

While steps are being taken to contain and mitigate this activity, Kettering Health continues to investigate and monitor the situation. 

What Health Care Organizations Can Do to Mitigate Risk 

Cybersecurity is vital for patient safety and operational resilience. Health care organizations must shift from a reactive to a proactive approach, addressing cyber threats with the same urgency as infection control and emergency preparedness. 

This isn’t just a tech problem—it’s a patient care issue. Health care organizations have become prime targets because the stakes are so high. However, with the right investment in cybersecurity, they can also become models of resilience. 

Disaster Recovery Planning is Critical

Do you have a HIPAA Disaster and Recovery plan? We can review it and recommend improvements. This includes analyzing and implementing test results, assessing team performance, evaluating recovery patterns and capabilities, and determining overall improvements. 
