Healthcare Data Breaches Surge in 2025, But Exposed Records Decline Report Reveals Shifting Threat Landscape
In 2025, healthcare data breaches more than doubled compared to the previous year, yet the number of exposed patient records dropped significantly, signaling a shift in cyberattack strategies. According to Fortified Health Security’s latest report, the sector faced a 112% increase in breach volume, with hacking and IT incidents rising by 98% year-over-year. Unauthorized access and disclosure incidents surged even further 240% driven by misdirected communications, improper internal access, and emerging risks from shadow AI.
While large-scale breaches like 2024’s Change Healthcare incident once dominated headlines, 2025 saw a rise in smaller, more frequent attacks, particularly ransomware, identity compromise, and third-party vulnerabilities. The report noted that this trend strains healthcare organizations through repetitive disruptions rather than massive data leaks, emphasizing the need for operational resilience and rapid response capabilities alongside traditional data protection.
Despite progress in limiting breach size, gaps in cybersecurity defenses persist. Only 4% of surveyed leaders expressed strong confidence in their third-party risk assessments, while 43% lacked formal processes for retraining staff on security fundamentals. Barriers included time constraints and insufficient leadership support. Confidence in incident detection and recovery also remained low, with just 6% of respondents feeling very prepared.
Looking ahead, the report highlights shadow AI and escalating breach volumes as key threats for 2026, though industry leaders remain optimistic about cross-sector collaboration, leadership engagement, and AI-driven security innovations. The findings underscore a critical evolution in healthcare cyber risks where frequency, not scale, now defines the threat.
Greenhealth Exchange cybersecurity rating report: https://www.rankiteo.com/company/greenhealth-exchange
"id": "GRE1768494228",
"linkid": "greenhealth-exchange",
"type": "Breach",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Patients (number unspecified)',
'industry': 'healthcare',
'type': 'healthcare organizations'}],
'attack_vector': ['ransomware',
'identity compromise',
'third-party weakness',
'misdirected communications',
'improper internal access',
'shadow AI risks',
'email-based attacks'],
'data_breach': {'number_of_records_exposed': 'Fewer than 2024 (exact number '
'unspecified)',
'personally_identifiable_information': 'Likely included',
'sensitivity_of_data': 'High (personally identifiable '
'information likely included)',
'type_of_data_compromised': 'Patient records'},
'date_publicly_disclosed': '2025',
'description': 'In 2025, the frequency of healthcare data breaches more than '
'doubled, but the number of patient records exposed '
'significantly decreased. The shift is driven by ransomware, '
'identity compromise, and third-party weaknesses, signaling a '
'new phase of cyber risk focused on operational resilience and '
'response capacity.',
'impact': {'data_compromised': 'Fewer patient records exposed compared to '
'2024',
'identity_theft_risk': 'Increased due to identity compromise',
'operational_impact': 'Strain on teams due to increased breach '
'frequency'},
'lessons_learned': 'Healthcare organizations need to improve operational '
'resilience, response capacity, and workforce '
'sustainability. Focus on third-party risk assessments, '
'staff retraining, and incident detection/recovery '
'capabilities is critical.',
'post_incident_analysis': {'corrective_actions': ['Improve third-party risk '
'assessments',
'Retrain staff on security '
'practices',
'Enhance incident detection '
'and recovery capabilities'],
'root_causes': ['Ransomware',
'identity compromise',
'third-party weaknesses',
'misdirected communications',
'improper internal access',
'shadow AI risks']},
'recommendations': ['Improve third-party risk assessments to align with '
'actual vendor risk levels',
'Implement formal processes for retraining staff on '
'foundational security practices',
'Enhance threat detection and preparedness, especially '
'for emerging threats like shadow AI',
'Increase cross-industry collaboration and leadership '
'attention to cybersecurity',
'Leverage AI-driven innovation for cybersecurity '
'defenses'],
'references': [{'source': 'Fortified Health Security Report'},
{'source': 'HHS Office for Civil Rights'}],
'title': 'Healthcare Data Breaches Surge in 2025 with Smaller Data Footprints',
'type': ['ransomware',
'hacking',
'IT incidents',
'unauthorized access',
'disclosure',
'email-based breaches']}