Cybersecurity in Healthcare: Ensuring Patient Safety and Data Privacy

Objective: Healthcare data breaches have increased in both frequency and severity, yet limited empirical evidence exists on the factors associated with large-scale breach events. To address this gap, this study analyzed breaches reported to the US Department of Health and Human Services Office of Civil Rights between 2010 and 2025 to determine predictors of large breaches. Methods: A total of 7327 breach reports from the Office for Civil Rights were analyzed. Logistic regression assessed predictors of high‑severity incidents (≥ 100,000 individuals affected). Differences in breach size between incident types were assessed using Wilcoxon rank‑sum tests. Negative binomial regression modelled factors associated with breach magnitude and temporal trends in Hacking/IT classifications over time, adjusting for covariates. Results: Breach sizes were highly right-skewed; the median breach affected 3892 individuals (IQR: 1255– 19,471), and roughly 10% of the incidents accounted for the majority of individuals affected. Hacking/IT events were associated with severe breaches (OR = 2.6) and increased from 4% in 2010 to 80% in 2025. Network server incidents resulted in significantly larger breaches than device theft events. Business associate involvement was independently associated with a larger breach magnitude (IRR = 2.0). Conclusion: Hacking/IT mechanisms, network server involvement, and business associate participation were the strongest factors associated with breach severity and magnitude. These findings highlight persistent vulnerabilities in healthcare organizations and reinforce the need for targeted cybersecurity strategies. Plain Language Summary: Over the past 15 years, healthcare organizations have experienced a steady rise in data breaches, many of which expose large amounts of patient information. Our analysis reviewed more than 7300 reported incidents to identify the factors linked with the most extensive breaches. Cyberattacks involving hacking were most frequently associated with large‑scale events, particularly when attackers accessed network servers. Breaches that involved business associates, such as external vendors, also tended to affect more individuals. Hacking became increasingly common over time and now represents the majority of breaches. These results highlight critical weaknesses in healthcare systems and emphasize the need for stronger security practices and tighter oversight of third‑party partners. Keywords: healthcare data breaches, hacking/IT incidents, network server breaches, business associate involvement