Indiana University Health announced that in November there was unusual activity detected in an email account, resulting in a data breach across the health system’s tech infrastructure. An external investigation determined that a hacker may have obtained personal information, such as Social Security numbers, addresses, ages, medical record numbers, diagnoses, or other treatment information for some patients. Nonprofit Indiana University Health began notifying affected individuals on January 2, 2025, and is offering a call center for assistance. It’s too soon to specify how many people may have been affected by the breach, but the organization is the largest system in the state with 17 hospitals, 38,000 employees and more than 1.2 million patients.
Setting a record in 2024: Cybersecurity is always top of mind for healthcare organizations, especially after a particularly tough year of hacks and extortion. In 2024, there were 13 data breaches that each affected more than 1 million healthcare records and therefore had to be reported to federal authorities, including the Change Healthcare hack, the largest healthcare data breach of all time, which affected the data of 100 million people and forced Change Healthcare’s hand in paying out a $22 million ransom. The second-most impactful breach of 2024 affected Kaiser Foundation Health Plan in April and involved the protected health information of up to 13 million individuals.