Medical organizations in the United States have suffered nearly 5,000 data breaches that account for 342 million medical records, according to Comparitech research. 

Comparitech researchers analyzed data from 2009 to June 2022 to find out which U.S. states suffer the most medical breaches and how many records have been affected each year. 

2020 alone accounts for nearly one-fifth of all healthcare data breaches since 2009, with 803 breaches and 46.6 million records affected. 2021 saw a minor decline of 11% (from 803 breaches to 711). 

When looking at the number of healthcare cybersecurity breaches by U.S. states, California has the most by far, accounting for 474 ( approximately 10%) of the 4,746 data breaches. Texas (383), Florida (288), New York (287) and Illinois (217) are the other four worst-hit states. 

When it comes to the number of records affected, the picture changes slightly, with Indiana making its way into the top. Indiana recorded the highest number of records affected, with nearly 87.2 million records (more than 25% of all breached records). 

This is significantly higher than second-place New York with 25 million records affected. The states that closely followed N.Y. were Florida (23.1 million), California (19 million), and Texas (16.3 million).

The top five medical data breaches for the number of records affected include:

  1. Anthem Inc — 78.8 million records affected
  2. Optum360, LLC — 11.5 million records affected
  3. Premera Blue Cross — 11 million records affected
  4. Laboratory Corporation of America Holdings dba LabCorp — 10.2 million records affected
  5. Excellus Health Plan, Inc. — 9.3 million records affected

Hacking proved to be the most popular method of breaching medical organizations, accounting for 288 out of 711 breaches (41%) in 2021, Comparitech found. The next largest category (excluding unknowns) was ransomware, with 161 attacks (23%) recorded.

The type of organization that suffered the highest number of breaches in 2021 was specialist clinics, with 106 medical breaches, impacting 3 million records.

When it comes to the number of records, hospital networks and clinic networks are the most affected, with 6.8 million and 4.1 million records affected, respectively, according to Comparitech.

So far, 2022 has only recorded 151 breaches and nearly 8 million records affected, a smaller amount than previous years. However, with many breaches reported several months after they occurred, these figures will likely rise in the coming months.

For the full report, visit