The rapid adoption of Electronic Health Records (EHRs), driven by initiatives like the Health Information Technology for Economic and Clinical Health (HITECH) Act, has revolutionized healthcare delivery while simultaneously exposing the sector to increased data security risks. Despite efforts to protect health data, breaches persist, compelling healthcare organizations to reevaluate their strategies for preventing, detecting, and responding to such incidents. Accurately assessing the severity of data breaches is paramount for effective risk management. Conventional risk assessment methods often lack comprehensiveness, relying on subjective expertise and basic scales [1]. This study aims to bridge this gap by proposing a structured framework for evaluating data breaches in the healthcare system. Through analysis of breaches from 2009 to 2022 in the American healthcare system, the study seeks to quantify both the likelihood and impact of these incidents. By identifying trends and contributing to existing literature, this research endeavors to inform policy decisions and bolster cybersecurity measures, facilitating the advancement of healthcare technology while preserving patient privacy.