Over 26% of healthcare organizations have low cybersecurity maturity, lacking all recommended threat and detection capabilities.
Medical organisations must comply with regulations and do everything possible to minimize the risk of unauthorised access to sensitive medical information.
But which states are considered ‘at risk’ from cyberattackers, and how susceptible are individuals to having their medical data breached?

States with the Most Medical Centres Impacted
With this looming threat of cyberattacks on medical centres in the United States, it’s important to know whether your state is at risk. In total, the number of medical centres affected across the US since 2023 has been 2,282.
This is proven by the unsettling recent incident in June of 2025. A ransomware attack disrupted internal systems, phone lines, and EHRs across 14 medical centers owned by Kettering Health.
Below is a breakdown of the five states considered most ‘at risk’ from cyberattacks against medical centres.
- California (CA): In 2024, 15 medical centres were under investigation for cyberattacks. In 2025, this increased to 52, and since the start of 2026, California has had three centres with attacks under investigation. But the total number of affected medical centres per year between 2023 and so far in 2026 has been 231. California has moved to tighten the regulatory environment. Senate Bill 446, signed into law in late 2025, introduced stricter breach notification requirements, mandating that organizations notify affected California residents within 30 days and provide detailed, plain-language descriptions of what data was exposed and what steps are being taken to address the breach.
- Texas (TX): In 2024, 22 medical centres were under investigation for data breaches. In 2025, this rose to 37, and since the start of 2026, Texas has had five centres with data breaches under investigation. But the total number of affected medical centres per year between 2023 and so far in 2026 has been 172.
- New York (NY): In 2024, eight medical centres were under investigation for cyber-attacks. In 2025, this rose to 31, and since the start of 2026, New York has had one centre with a data breach under investigation. But the total number of affected medical centres per year between 2023 and so far in 2026 has been 159.
- Florida (FL): In 2024, 11 medical centres were under investigation for data breaches. In 2025, this increased to 44, and since the start of 2026, Florida has had two centres with data breaches under investigation. But the total number of affected medical centres per year between 2023 and so far in 2026 has been 123.
- Illinois (IL): Ranking in fifth place, but by no means least, is Illinois. In 2024, 15 medical centres were under investigation for cyberattacks. In 2025, this rose to 18, and since the start of 2026, Texas has had three centres with attacks under investigation. But the total number of affected medical centres per year between 2023 and so far in 2026 has been 110.
States with the Most Individuals Affected by Breaches
Medical centres themselves aren’t the only entities under threat from data breaches. Individuals are also under threat of having their private medical information exposed by cyberattackers.
Below we’ve listed the states with individuals most ‘at risk’ from cyberattacks.
- Minnesota (MN): Between 2023 and 2026, 48 medical centres were impacted by data breaches, with over 197,670,018 individuals affected. On average, this means over 4.1 million people were affected per data breach, the highest of all states.
- Nevada (NV): Just 12 medical center data breaches have been reported in Nevada since 2023; however, the scale of these breaches was widespread. Over 9.4 million people have been affected by data breaches, an average of 787,000 people per data breach.
- Colorado (CO): In Colorado, 32 medical centers have reported data breaches between 2023 and 2026, which have impacted 24 million people. On average, over 775 people have had their data compromised.
- Delaware (DE): Delaware has recorded only eight medical center data breaches since 2023, but they have impacted millions of people. In total, over 4.6 million people have had their data compromised in a breach, or on average 581,000 per breach.
- Georgia (GA): Georgia has reported 64 medical data breaches since 2023, with an estimated 30 million people affected. On average, around 471,000 people have had their data compromised per breach.
In total, the number of individuals affected across the US since 2024 has been 541,797,362.
It’s clear that since 2024, the number of individuals affected has decreased dramatically, which may be due to competent personal cybersecurity practices.
California has been leading in this regard, with comprehensive data privacy laws like the California Consumer Privacy Act (CCPA) and the Consumer Privacy Rights Act (CCRA), while also requiring the Office of Emergency Services to maintain a state-wide cyber response plan.
This shows how essential a good cybersecurity framework is in the long-term safeguarding of key medical data.