A new study led by researchers from Michigan State University, Yale University and Johns Hopkins University reveals that ransomware attacks — which involve a hacker putting encryption controls into a file and then demanding a ransom to unlock the files—have become the primary driver of health care data breaches in the United States, compromising 285 million patient records over 15 years.

Published May 14 in JAMA Network Open, the study provides the first comprehensive analysis of ransomware’s role in health care breaches across all entities covered by privacy laws — hospitals, physician practices, health plans and data clearinghouses.

“Ransomware has become the most disruptive force in health care cybersecurity,” said John (Xuefeng) Jiang, Eli Broad Endowed Professor of accounting and information systems in the MSU Broad College of Business and lead author of the study. “Hospitals have been forced to delay care, shut down systems and divert patients — all while sensitive patient data is held hostage.

The study found that although ransomware accounted for just 11% of breaches in 2024 by number, those attacks alone were responsible for 69% of all patient records compromised that year. Since 2010, ransomware incidents have contributed to the exposure of 285 million patient records — many of which likely involve multiple breaches of the same individuals.

In addition to Jiang, the research team includes Joseph Ross, professor at the Yale School of Medicine, and Ge Bai, former doctoral student in the MSU Broad College of Business and now professor of accounting and health policy at Johns Hopkins University.