EHR system hacks surge as network servers and email become weak links


CO-EDP, VisionRI | Updated: 09-09-2025 16:15 IST | Created: 09-09-2025 16:15 IST
  • Country: United States

The U.S. healthcare sector is witnessing a sharp surge in cyberattacks as electronic health record (EHR) systems become increasingly targeted by hackers. A new study published in the Journal of Cybersecurity and Privacy provides the most detailed evidence yet of how EHR-related data breaches have evolved over the past 15 years, raising urgent concerns about patient safety and the resilience of healthcare infrastructure.

The research, titled "The Rise of Hacking in Integrated EHR Systems: A Trend Analysis of U.S. Healthcare Data Breaches," offers a statistical and trend-based analysis of breach types, affected entities, and points of compromise. The findings, based on breach reports submitted under the Health Insurance Portability and Accountability Act (HIPAA) between 2010 and 2025, confirm that hacking has become the dominant threat to healthcare data security, far outpacing other forms of breach such as theft or unauthorized access.

What types of breaches are driving the surge?

The study reveals that hacking and IT incidents have emerged as the most prevalent type of breach in the U.S. healthcare system. Statistical modeling shows that these incidents are increasing at the steepest rate among all breach categories, with a significant correlation coefficient of 0.84. Unlike theft or unauthorized access, hacking incidents are not only becoming more frequent but also more sophisticated, targeting the weakest points in healthcare infrastructure.

Theft and unauthorized access breaches have also increased but on a smaller scale. The authors note that while physical theft once represented a significant portion of data breaches, it is now overshadowed by digital compromises. The growth of integrated and cloud-based EHR systems has expanded the attack surface, giving malicious actors greater opportunities to infiltrate healthcare organizations remotely.

Importantly, the study finds that while breach frequency is rising, the median size of incidents remains relatively stable. This could indicate improved containment strategies or inconsistencies in how breach sizes are reported. Regardless, the overall trajectory highlights a sector under growing cyber pressure, with sensitive patient records and healthcare operations at stake.

Who is most at risk in the healthcare sector?

According to the analysis, healthcare providers remain the most consistently affected entities, reporting the highest number of breaches year after year. Business associates, which include third-party service providers handling patient data, are also frequent targets. By contrast, clearinghouses have experienced negligible incidents, reflecting their relatively smaller role in direct patient data handling.

The points of compromise are especially telling. Network servers are identified as the most vulnerable breach location, followed closely by email systems. The frequency of attacks on these channels continues to rise, highlighting gaps in encryption, intrusion detection, and access control. As ransomware attacks and phishing campaigns proliferate, healthcare organizations are particularly exposed due to the critical nature of their operations and the value of their data.

The study underscores that the vulnerabilities are not evenly distributed. Smaller providers and organizations with outdated security protocols are disproportionately affected, amplifying the risks for patients served by under-resourced institutions. This uneven security landscape complicates efforts to create standardized protections across the healthcare system.

What needs to be done to protect patient data?

The authors warn that existing EHR implementations lack the necessary safeguards to withstand the current wave of cyber threats. They argue that healthcare organizations must prioritize targeted security investments that address the most common breach vectors. Encryption of sensitive data, anomaly detection tools for identifying suspicious behavior, and robust identity verification mechanisms are all highlighted as critical defenses.

Access control is another area requiring immediate improvement. Weak password practices and insufficient multi-factor authentication expose healthcare systems to preventable compromises. By strengthening access policies, providers can significantly reduce their vulnerability to hacking and unauthorized access.

Beyond technical solutions, the study calls for stronger regulatory oversight. HIPAA mandates breach reporting, but the authors point out inconsistencies in how data is categorized and disclosed. Stricter standards for breach reporting would improve transparency, support more effective monitoring, and enhance accountability across the sector.

The researchers also stress the importance of cultural and organizational change. Cybersecurity must be treated as a central component of healthcare delivery, not as an auxiliary concern. Training staff to recognize phishing attempts, adopting zero-trust security models, and fostering collaboration between IT and clinical teams are all necessary steps toward building resilience.

  • FIRST PUBLISHED IN: Devdiscourse