Although there were almost 3.5 million reported information breaches of health care data in the first quarter of 2019, health care providers do not know the extent of digital and nondigital breaches of patient medical records. The purpose of this quantitative, comparative study was to identify the difference between the individual patient records affected by digital versus nondigital breaches for three types of health care entities in the United States, health care providers, health care plans, and health care clearinghouses. Allman’s privacy regulation theory, the National Institute of Standards and Technology Privacy Framework, and ecological systems theory comprised the theoretical framework. The focus of the research questions was on the difference between digital and nondigital breaches for each of the health care entities. The study data consisted of 2,601 digital and nondigital breach reports for the three healthcare entities for the years 2010 to 2018 retrieved from the public database of HIPAA breach and violations maintained by the U.S. Department of Health and Human Services. Significant t tests of the hypotheses for each health care entity indicated that more breaches occurred digitally than nondigitally, and that health plan provider breaches resulted in a greater number of individuals impacted per incident than breaches of healthcare providers or healthcare clearinghouses. The implication for positive social change is that the study findings may help health care entities make better decisions about how to allocate scarce information security resources to lower health care costs by reducing the breaches of health care records.