Major Healthcare Data Breaches and Impacts in 2025
Healthcare organizations experienced a significant number of large-scale data breaches in 2025, with nearly 57 million individuals affected and at least 642 incidents reported to the Department of Health and Human Services (HHS) Office for Civil Rights. While this represents a notable decrease from the previous year, the sector continues to face substantial risks, with several high-profile breaches exposing sensitive patient information. Notable incidents include breaches at major healthcare providers and patient information portals, with some cases resulting in legal settlements and direct financial compensation to affected individuals.
Among the most impactful breaches, Consulting Radiologists Ltd. agreed to a $2.2 million settlement after a 2024 breach exposed the personal and medical data of approximately 512,000 people. Additionally, New Zealand's ManageMyHealth platform reported a breach potentially affecting over 108,000 users, highlighting the global nature of healthcare data security challenges. These incidents underscore the ongoing threat to patient privacy and the financial and reputational consequences for healthcare organizations that fail to adequately protect sensitive information.
Related Entities
Sources
Related Stories
Healthcare Sector Data Breaches and Security Risks in Late 2025
A significant reduction in the number of large healthcare data breaches was reported for October 2025, with only 28 incidents affecting 500 or more individuals, the lowest monthly total since May 2020. However, the number of individuals impacted surged by 540% to over 11 million, largely due to a few major breaches still under investigation. The reporting delay was attributed to a government shutdown that created a backlog at the HHS Office for Civil Rights, potentially causing underreporting for the month. Notably, the Bosch Choice Welfare Benefit Plan disclosed a breach affecting 55,000 members, stemming from a business associate's cybersecurity incident that exposed sensitive personal and health information. The affected business associate also notified other covered entities and implemented additional safeguards in response. Security risks in the healthcare sector remain acute, particularly for small practices with limited IT resources. A technical investigation highlighted the dangers of improper hardware disposal and lack of disk encryption, revealing that sensitive data and password hashes can be easily extracted from discarded computers. Industry experts emphasize that business associates are a major source of breached records, accounting for a disproportionate share of affected individuals despite submitting fewer incident reports. This underscores the need for robust vendor oversight and comprehensive HIPAA compliance strategies, especially for small and mid-sized healthcare organizations.
2 months ago
Major Healthcare Data Breaches and Legal Fallout in the United States
Continuum Health Alliance, a health management provider based in New Jersey, agreed to settle a consolidated class action lawsuit following a data breach in October 2023 that compromised the personal information of over 377,000 patients from its client, Consensus Medical Group. The breach involved unauthorized access to sensitive data, including names and Social Security numbers, and led to multiple legal claims consolidated in New Jersey court. The settlement was reached after mediation, with all parties agreeing it was preferable to continued litigation, though the defendants denied liability. Separately, Denton County MHMR Center in Texas reported a significant data breach affecting nearly 109,000 patients, with unauthorized access occurring in December 2024. The compromised data included a wide range of protected health information, and affected individuals were notified and offered credit monitoring services. Additionally, Conduent, a major medical services provider, disclosed that a 2024 hacking incident impacted nearly 14.8 million Texans, a substantial increase from previous estimates, highlighting the ongoing challenges in accurately assessing the scope of large-scale healthcare data breaches and the risks posed by third-party vendors.
2 months agoHealthcare Data Breaches and HIPAA Security Challenges
A cyberattack on NS Support LLC, a neurosurgical healthcare provider, resulted in unauthorized access to its network and the exfiltration of files containing protected health information (PHI) for nearly 93,000 patients. The compromised data included names and medical notes, but not Social Security numbers or financial information. In response, NS Support wiped and rebuilt affected systems, implemented additional security measures, and began reviewing and updating its data security policies. Notification letters were sent to affected individuals, and the incident was reported to the Department of Health and Human Services Office for Civil Rights (HHS OCR). The healthcare sector continues to face a surge in data breaches, with over 700 large incidents reported annually from 2021 to 2024, compromising the PHI of more than 595 million individuals. Hacking and IT incidents are the primary causes, often facilitated by employee errors or lapses in cyber hygiene. Experts highlight the growing complexity of healthcare data ecosystems, especially with the rise of telehealth, and emphasize the need for robust data classification, continuous monitoring, and adaptive security controls to protect sensitive patient information. Regulatory frameworks like HIPAA remain central, but organizations must go beyond compliance to ensure comprehensive data protection across diverse platforms and partners.
3 months ago