Is it possible your Security Hotspots are on new Lines that aren’t Lines of Code?
No, it’s not possible. The files identified as needed Security Hotspot review did not change at all.
After more research, I found this is actually related to this other question I posted Is it possible for SonarQube to miss things during a scan? - Get help / SonarQube - SonarSource Community. What seems like what’s happening is that during the 1st scan, SonarQube doesn’t identify all of the issues because after the 2nd scan the files - which have not changed - have more issues found on them and this is triggering a quality gate failure without the files showing up under measures as “new code”.