How to stay safe and what to do now if you received a letter about a data breach in the mail.
- In 2025, U.S. healthcare data breaches have surged dramatically, exposing sensitive information of millions of individuals.
- The first half of 2025 saw over 20 million patients affected nationally, with June alone exposing data of over 7.6 million individuals.
- Healthcare remains the most targeted sector, with breaches often involving hacking, ransomware, and phishing.
- The cost per breach in the U.S. has reached an average of $10.22 million, driven by regulatory fines and operational disruptions.
- Breach sizes have increased drastically, with some single incidents compromising records of millions.
Key 2025 Healthcare Data Breaches (Selected Examples)
Entity | State | Type | Individuals Affected | Cause | Data Exposed |
---|---|---|---|---|---|
Episource, LLC | CA | Business Associate | 5,418,866 | Ransomware/Hacking | Names, addresses, SSNs, medical and insurance info |
McLaren Health Care | MI | Healthcare Provider | 743,131 | Ransomware | PHI including SSNs |
Compumedics USA, Inc. | NC | Business Associate | 318,150 | Hacking | Patient data, possibly SSNs |
Yale New Haven Health System | CT | Healthcare Provider | Millions (multi-mil) | Unauthorized network access | Names, birthdates, SSNs, medical record numbers |
Medusind Inc. | FL | Medical Billing Co. | 700,000+ | Cybercriminal intrusion | Medical info, insurance, payment data, SSNs |
Kelly & Associates Insurance | MD | Insurance Group | 550,000+ | System breach | Medical data, financial info, SSNs |
Ascension (multiple breaches) | Various | Healthcare Provider | 437,000+ | Third-party software failure | Names, addresses, SSNs, clinical and insurance data |
Integrated Oncology Network | Multi-State | Business Associate | ~123,000 | Phishing | Emails, radiology and oncology patient info |
Breach Statistics for June 2025
Metric | Value |
---|---|
Total breaches reported | 70 |
Individuals affected | 7,609,868 |
Median breach size | 4,824 individuals |
Average breach size | 128,477 individuals |
% breaches caused by hacking/IT | 84%+ |
% breaches involving email data | 51% (36 breaches) |
Causes of Healthcare Data Breaches 2025
- Hacking and IT incidents: Including ransomware and unauthorized access, these make up the vast majority of breaches, accounting for over 80% of attacks.
- Phishing attacks: These lead to email account compromises, which are increasingly common entry points for larger breaches.
- Third-party vendor vulnerabilities: Many breaches originate from compromised business associates or outdated third-party software systems.
What Was Exposed?
- Commonly breached data includes:
  - Names, addresses, dates of birth, Social Security numbers (SSNs)
  - Medical record numbers, health insurance details
  - Treatment and diagnosis information
  - Financial and payment information
Impact and Recommendations
- The scale and sophistication of breaches have raised urgent concerns for patient privacy and healthcare operational security.
- Organizations face escalating regulatory pressure and financial penalties.
- Patients are urged to:
  - Monitor credit reports and financial accounts regularly
  - Use offered credit monitoring and identity theft protection services
  - Enable two-factor authentication and beware of phishing attempts
- Healthcare providers and vendors must strengthen cybersecurity defenses including:
  - Regular staff training on phishing and security awareness
  - Enforcing multi-factor authentication (MFA)
  - Rigorous vendor security assessments and access controls
  - Compliance with frameworks like the NIST Cybersecurity Framework
This summary provides a clear picture of the critical healthcare cybersecurity challenges in 2025, highlighting major breaches, causes, and actionable insights for protection.