Over 276 million Americans affected by medical data breaches
A staggering 276 million patient records were compromised in 2024, experts have revealed. It suggests eight in 10 Americans had some form of medical data stolen last year. The biggest hack in 2024 was also one the largest healthcare data breaches in US history, impacting 190 million patients linked to Change Healthcare.
Now, researchers at the cyber watchdog Check Point are warning of a newly uncovered healthcare cyberattack that could expose even more sensitive information than the previous year. According to the team, cybercriminals are impersonating practicing doctors to trick patients into revealing Social Security numbers, medical histories, insurance details, and other personal data. The phishing campaign has been active since March 20, and researchers estimate that 95 percent of its targets are in the US. 'In some versions of these phishing emails, cybercriminals deploy images of real, practicing doctors but pair them with fake names,' the Check Point team reported.
The emails instruct recipients to contact a listed healthcare provider using a specific phone number—part of the scam. Researchers noted that Zocdoc has become a key tool in the attackers' arsenal, as it allows them to use images of real doctors while disguising their identities with fake credentials. The Check Point team noted that the data compromised in 2024 amounted to roughly 758,000 records every single day. 'Victims of medical identity theft will spend an average of 210 hours and $2,500 out-of-pocket to reclaim their identities and resolve the fallout,' the researchers said.
In one case, cybercriminals created a fake profile on Zocdoc using a real doctor's image but a fake name and sent a fake pre-appointment message, booking confirmation, and additional instructions. To safeguard patients' private information and finances, healthcare organizations are urged to install advanced phishing filters, conduct regular employee cybersecurity training and mock drills, and ensure their IT teams are equipped to respond to threats quickly. In March 2025, Yale New Haven Health experienced a data breach affecting approximately 5.5 million individuals.
Hackers copied the data on the day it was discovered, indicating a likely ransomware attack and exposing the fragility of the U.S. healthcare system. These breaches highlight systemic failures in the cybersecurity infrastructure of the healthcare sector. Many organizations still rely on outdated systems that lack modern security protocols, making them easy targets for cybercriminals. A recent study revealed that some medical devices—unlike smartphones or laptops—lack basic security safeguards, making them a significant entry point for hackers. By compromising devices like MRI machines, cybercriminals can gain access to entire networks and connected systems, creating widespread vulnerabilities.
The financial repercussions of these breaches are staggering. UnitedHealth Group estimated the cost of the Change Healthcare breach at approximately $2.5 billion, covering response efforts, system rebuilds, and support for affected providers. 'The company has restored most of the affected Change Healthcare services while continuing to provide financial assistance to remaining healthcare providers in need,' UnitedHealth Group stated. Beyond financial damage, the cyberattack also caused severe operational disruption. For instance, delays in processing insurance claims forced some patients to pay out of pocket for medications and services. Smaller healthcare providers faced devastating revenue losses, threatening their survival.
In response to the rising threat, a new set of Health Insurance Portability and Accountability Act (HIPAA) regulations was proposed in January 2025. The goal is to enhance the protection of medical records through stronger data encryption and stricter compliance checks. The proposed rule is expected to cost $9 billion in the first year and $6 billion annually over the next four years.
Patients affected by data breaches are urged to monitor their financial accounts, request credit reports, and consider placing fraud alerts. 'Patients are encouraged to review statements from their healthcare providers and report any inaccuracies immediately,' said Yale New Haven Health. The exposure of 276 million patient records underscores the urgent need to reinforce cybersecurity in healthcare. As threats continue to evolve, it's critical for healthcare organizations to implement modern safeguards and conduct regular audits to stay ahead of attackers and protect sensitive patient data.
Want more stories like this from the Daily Mail? Hit the follow button above for more of the news you need.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Sky News
2 hours ago
- Sky News
Blood test for Alzheimer's disease is highly accurate, researchers say
Researchers say a new blood test for Alzheimer's disease has been shown to be highly accurate in detecting people with early symptoms. Scientists looked for two proteins - amyloid beta 42/40 and p-tau217 - and found the test was 95% accurate in identifying patients with existing cognitive impairment linked to the condition. The US study involved 509 patients in an outpatient memory clinic in Florida and was published in the medical journal Alzheimer's and Dementia. The test, which has already been approved by the US regulator, was also 82% accurate for specificity, which means it could rule out people without dementia. Dr Gregg Day, who led the study, said the test was as good as existing, but more invasive, tests. He said the next step was to extend the test to a wider range of patients, including those with early Alzheimer's who do not have any cognitive symptoms. Scientists say the two proteins, which they have identified in blood plasma, are associated with the buildup of amyloid plaques. Amyloid protein can be found in our brains, but in Alzheimer's disease, amyloid sticks together and forms abnormal deposits, which are thought to be toxic to brain cells. Dr Richard Oakley, associate director for research and innovation at the Alzheimer's Society in the UK, said the results "suggest this test is very accurate". "Blood tests will be critical to accelerate diagnosis and give more people access to the care, support and treatments they desperately need faster than ever before," he added. In the UK, the Blood Biomarker Challenge is a multi-million-pound research programme supported by the Alzheimer's Society, Alzheimer's Research UK and the National Institute for Health and Care Research. 1:09 Its goal is to bring blood tests for dementia diagnosis to the NHS by 2029. Dr Julia Dudley, head of research at Alzheimer's Research UK, said: "We urgently need to improve how we diagnose dementia and it's great to see international research working towards this goal." She said the studies like the Blood Biomarker Challenge are a "crucial part of making diagnosis easier and faster, which will bring us closer to a cure". "The study is testing blood tests, including p-tau217, in thousands of people from sites across the UK," she added.
Daily Mail
3 hours ago
- Daily Mail
Starmer goes all in on NHS with PM set to hand health service £30bn spending boost at expense of other public services
Sir Keir Starmer will pump money into the NHS at the expense of other public services. The government is putting all its eggs in one basket as it lines up the Department for Health for a £30billion cash boost at next week's spending review. However, health chiefs have warned the prime minister's promise to 'turbocharge delivery' could lead to difficult compromises elsewhere in services from the police to councils. It comes after the party's unexpected victory in the Hamilton, Larkhall & Stonehouse by-election - though as the threat of Nigel Farage 's Reform UK still looms large. The Department for Health will be handed an increase of around £200billion to its budget by 2028 - a £17billion rise in real terms. Its day-to-day budget is set to increase by 2.8 per cent in real terms annually over the three-year spending review period. Sir Keir has also pledged to have 92 per cent of NHS patients treated within 18 weeks by the next election, a target that has remained unmet for a decade. Currently, under 60 per cent are seen within this time with waiting lists rising to 7.4million last month. There are even fears NHS bosses may not hit an interim goal of 65 per cent next year. Chancellor Rachel Reeves' prioritisation of health has forced cuts in other departments and prompted protestations from other cabinet members like Yvette Cooper, the home secretary and Angela Rayner, the deputy prime minister and housing secretary. Both have warned Ms Reeves the cuts will put some of the government's crime and housing targets at risk amid 'robust negotiations'. But the chancellor has maintained 'not every department will get everything they want'. Overall, the health budget, which stood at £178billion as Labour took office, will exceed £230billion by the next election. The increase means health is set to account for 41 per cent of all day-to-day departmental spending - up from 39 per cent. Ben Zaranko, of the Institute for Fiscal Studies, said Ms Reeves's cash boost was 'a serious, meaningful increase in health funding'. But Matthew Taylor, chief executive of the NHS Confederation, warned the funding increase 'is not going to enable us to achieve recovery and reform' without big changes to the way the health service treats patients. He said the government's plan to withhold the budget for infrastructure simultaneously would also make 'combining recovery and reform' impossible.
Daily Mail
3 hours ago
- Daily Mail
Health Secretary to unveil 'death of the doctor's letter' in digital first switch to help slash NHS postage bills
Ministers will today announce the death of the doctor's letter in a bid to slash NHS postage bills. Health Secretary Wes Streeting will unveil plans to switch to a 'digital first' system, with almost all patient communications made via the NHS app. The move, agreed as part of next week's spending review, will mean most patients will no longer receive letters about appointments, check-ups and screening dates. People unable to use the app will be able to continue receiving a postal service, but only as a 'last resort'. The Department of Health said the move would lead to the NHS sending out 50 million fewer letters a year, saving £200 million on stamps and envelopes. However, critics warned it could disadvantage millions of older people who struggle with the latest technology. Dennis Reed, director of the Silver Voices campaign group, said the move would accelerate the trend towards digital communications that risks turning some older people into 'second class citizens' and could result in vulnerable patients missing appointments. Last night Mr Streeting insisted that 'modernising' communications would 'put power in the hands of patients'. 'People are living increasingly busy lives,' he said, 'and want to access information about their health at the touch of a button, rather than wait weeks for letters that often arrive too late. 'The NHS still spends hundreds of millions of pounds on stamps, printing, and envelopes. By modernising the health service, we can free up huge amounts of funding to reinvest in the frontline.' Health sources said Royal Mail had become so unreliable in parts of the country that some letters didn't arrive until after appointment dates or else people didn't open their post in time. Mr Reed told the Mail: 'Many older people do not have smartphones and many of those that do only use them for making calls. There are still a lot of people who do not know how to use apps or who physically cannot navigate them on a tiny screen. 'If you try to force them to use an app then people will miss messages and vital appointments.' Caroline Abrahams, director of Age Concern, said technology brought 'many potential benefits', but added: 'This is a big risk because millions [of older people] do not use computers at all, or only do so for limited purposes. 'If the NHS app is to become the default, then this major change must be accompanied by many more opportunities to help people of all ages to go online if they wish to do so.'
