November 2025 Healthcare Data Breach Report: A Rare Decline Amid Government Shutdown Delays
November 2025 marked a notable drop in reported healthcare data breaches, with just 32 incidents affecting 500 or more individuals submitted to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). This represents a 54% reduction from November 2024 and a 56% decline from November 2023, the lowest figures since 2018. However, the decrease coincides with a U.S. government shutdown from October 1 to November 12, 2025, which halted breach reporting and created a backlog that may still be clearing.
Despite fewer breaches, the number of affected individuals also fell sharply. November saw 1.4 million patients impacted the lowest monthly total since January 2023 and an 87.2% drop from October. For the year to date, 686 large breaches have exposed the data of 55.7 million individuals.
Largest Breaches of November 2025
The month’s most significant incidents included:
- VITAS Hospice Services (Florida): A vendor account compromise led to unauthorized access affecting 320,000 patients.
- Fieldtex Products: A hacking incident exposed 238,615 records, with additional breaches reported in December.
- Delta Dental of Virginia: An email breach initially reported as affecting 145,918 individuals was later revised to 126,953.
Breach Causes & Trends
- Hacking/IT incidents dominated, accounting for 78% of breaches and 99.1% of affected individuals (1.4 million).
- Unauthorized access/disclosure made up 15.6% of breaches but only 0.5% of impacted individuals.
- Ransomware remains a critical threat, with groups like Qilin, INC Ransom, and SafePay driving a 58% year-over-year increase in attacks. Some, like Pear, now focus on data theft and extortion without encryption.
- Email compromises were involved in 19% of hacking incidents, often serving as an entry point for broader attacks.
Where Breaches Occurred
- Healthcare providers suffered the most, with 22 breaches affecting 867,100 individuals.
- Business associates reported 7 breaches, impacting 419,716 individuals.
- Virginia had the most breaches (4), while Florida saw the highest number of affected individuals (322,859).
HIPAA Enforcement
The government shutdown disrupted HHS operations, delaying enforcement announcements. Despite this, 2025 remains one of the busiest years for HIPAA penalties, with OCR closing the year with the second-highest annual total of settlements and fines. No new enforcement actions were announced in November.
While the decline in breaches is encouraging, experts warn that unreported incidents from the shutdown period and ongoing ransomware threats could reverse the trend in coming months. The data reflects reports submitted to OCR as of January 20, 2026.
Source: https://www.hipaajournal.com/november-2025-healthcare-data-breach-report/
Novitas Solutions, Inc. cybersecurity rating report: https://www.rankiteo.com/company/novitas-solutions-inc
Delta Health cybersecurity rating report: https://www.rankiteo.com/company/delta-health-co
"id": "NOVDEL1769009352",
"linkid": "novitas-solutions-inc, delta-health-co",
"type": "Breach",
"date": "6/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '320,000',
'industry': 'Healthcare',
'location': 'Florida, USA',
'name': 'VITAS Hospice Services',
'type': 'Healthcare Provider'},
{'customers_affected': '238,615',
'industry': 'Healthcare',
'name': 'Fieldtex Products',
'type': 'Business Associate'},
{'customers_affected': '126,953',
'industry': 'Healthcare',
'location': 'Virginia, USA',
'name': 'Delta Dental of Virginia',
'type': 'Healthcare Provider'}],
'attack_vector': ['Vendor Account Compromise',
'Email Compromise',
'Unauthorized Access'],
'data_breach': {'data_encryption': 'Partial (Ransomware cases)',
'data_exfiltration': 'Yes',
'number_of_records_exposed': '1.4 million (November 2025)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Patient Records',
'Personally Identifiable '
'Information']},
'date_publicly_disclosed': '2026-01-20',
'description': 'November 2025 marked a notable drop in reported healthcare '
'data breaches, with just 32 incidents affecting 500 or more '
'individuals submitted to the U.S. Department of Health and '
'Human Services (HHS) Office for Civil Rights (OCR). This '
'represents a 54% reduction from November 2024 and a 56% '
'decline from November 2023, the lowest figures since 2018. '
'However, the decrease coincides with a U.S. government '
'shutdown from October 1 to November 12, 2025, which halted '
'breach reporting and created a backlog. Despite fewer '
'breaches, 1.4 million patients were impacted, the lowest '
'monthly total since January 2023.',
'impact': {'data_compromised': '55.7 million individuals (year to date)',
'identity_theft_risk': 'High'},
'initial_access_broker': {'entry_point': ['Email Compromise',
'Vendor Account Compromise']},
'investigation_status': 'Ongoing (backlog from government shutdown)',
'lessons_learned': 'Unreported incidents from the shutdown period and ongoing '
'ransomware threats could reverse the trend in coming '
'months.',
'motivation': ['Data Theft', 'Extortion', 'Financial Gain'],
'post_incident_analysis': {'root_causes': ['Government shutdown delayed '
'reporting',
'Ransomware attacks',
'Email compromises']},
'ransomware': {'data_encryption': 'Partial (Pear focuses on data theft '
'without encryption)',
'data_exfiltration': 'Yes',
'ransomware_strain': ['Qilin',
'INC Ransom',
'SafePay',
'Pear']},
'references': [{'date_accessed': '2026-01-20',
'source': 'U.S. Department of Health and Human Services (HHS) '
'Office for Civil Rights (OCR)'}],
'regulatory_compliance': {'legal_actions': 'Second-highest annual total of '
'settlements and fines (2025)',
'regulations_violated': ['HIPAA'],
'regulatory_notifications': 'Delayed due to '
'government shutdown'},
'threat_actor': ['Qilin', 'INC Ransom', 'SafePay', 'Pear'],
'title': 'November 2025 Healthcare Data Breach Report',
'type': ['Data Breach', 'Hacking/IT Incident', 'Ransomware']}