By Gilbert Munoz Cornejo

This study investigates the incidence and characteristics of cybersecurity data breaches across U.S. rural and urban hospitals from 2016 to 2022, employing a two-stage design. Stage 1 used logistic regression to determine whether a hospital had a breach, controlling for key variables. Stage 2 analyzed the subset of 212 hospitals that experienced a breach, focusing on breach type, and breach location. The results revealed that 3.46% of hospitals experienced a breach, with urban facilities showing a slightly higher rate (3.84%) than rural ones (2.64%). Larger, non profit, and non-affiliated hospitals and those in the Northeast faced higher breach odds. Once breached, no significant rural–urban differences emerged regarding breach characteristics, but year of breach, ownership type, and membership affiliation played key roles in how incidents manifested. These findings underscore the importance of targeted cybersecurity strategies, informing healthcare administrators, policymakers, and cybersecurity professionals in safeguarding patient data across diverse hospital settings.    

Security Journal, 2025, 21p.