
2025: Double the breaches, but less patient data compromised

A consistent barrage of small healthcare data breaches defined 2025, rather than the high-impact breaches that dominated prior years.

In 2025, the frequency of healthcare data breaches more than doubled. However, the number of patient records exposed decreased significantly, indicating a shift in the data breach landscape, according to a new report from Fortified Health Security.

"The healthcare sector is experiencing more frequent cyber events with smaller data footprints, driven largely by ransomware, identity compromise, and third-party weakness," the report stated. "This represents progress in limiting breach size, but also signals a new phase of cyber risk, where operational resilience, response capacity, and workforce sustainability matter as much as traditional data protection measures." 

The Fortified Health Security report pulled data from the HHS Office for Civil Rights, its own NIST Cybersecurity Framework assessments and real-world incident response experience. 

Total breach volume in 2025 surpassed 2024 by 112%, the company found. Hacking and IT incidents continued to dominate the cyberthreat landscape, with a 98% year-over-year increase. Unauthorized access and disclosure had a year-over-year increase of 240%, largely attributed to misdirected communications, improper internal access and emerging shadow AI risks. Additionally, email-based breaches more than doubled from 2024 to 2025. 

Despite the alarming increase in breach volumes, fewer patient records were implicated in breaches in 2025 than in 2024. In years past, high-impact breaches, like 2024's Change Healthcare breach, made headlines for their sheer size and widespread reach.  

"The absence of a single major event hid a more sinister threat: Attacks that come faster, hit more healthcare organizations, and strain teams through repetition rather than scale," the report stated. "Because of this, the healthcare industry's focus on defense and resilience has become essential." 

Despite this shift, healthcare organizations have considerable room to improve their defenses. Just 4% of surveyed leaders said they were "very confident" that their organization's third-party risk assessments aligned with the actual level of risk each vendor poses.

Additionally, 43% of respondents said that they were not sure or did not have a formal process in place for retraining staff on foundational security practices. Lack of time and leadership support contributed to barriers in cybersecurity training. 

Just 6% of respondents reported being very confident in their ability to detect and recover from a cyber incident, while most leaders said they were only somewhat confident.

In 2026, the importance of threat detection and preparedness will continue to grow, especially given the emerging threat of shadow AI and increased breach volume. Still, the report showed that leaders are optimistic about 2026 and the potential for increasing cross-industry collaboration, leadership attention and AI-driven innovation. 

Jill Hughes has covered healthcare cybersecurity and privacy news since 2021.
