Healthcare Sector Data Breaches and Security Risks in Late 2025
A significant reduction in the number of large healthcare data breaches was reported for October 2025, with only 28 incidents affecting 500 or more individuals, the lowest monthly total since May 2020. However, the number of individuals impacted surged by 540% to over 11 million, largely due to a few major breaches still under investigation. The reporting delay was attributed to a government shutdown that created a backlog at the HHS Office for Civil Rights, potentially causing underreporting for the month. Notably, the Bosch Choice Welfare Benefit Plan disclosed a breach affecting 55,000 members, stemming from a business associate's cybersecurity incident that exposed sensitive personal and health information. The affected business associate also notified other covered entities and implemented additional safeguards in response.
Security risks in the healthcare sector remain acute, particularly for small practices with limited IT resources. A technical investigation highlighted the dangers of improper hardware disposal and lack of disk encryption, revealing that sensitive data and password hashes can be easily extracted from discarded computers. Industry experts emphasize that business associates are a major source of breached records, accounting for a disproportionate share of affected individuals despite submitting fewer incident reports. This underscores the need for robust vendor oversight and comprehensive HIPAA compliance strategies, especially for small and mid-sized healthcare organizations.

How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Healthcare practice computer discarded with unencrypted patient data
A computer from a small healthcare practice was discarded in a bulk goods disposal area with its hard drive still intact and unencrypted. The drive contained exposed personal, financial, and healthcare records dating from 2013 to 2018, illustrating a secure disposal failure.
October 2025 healthcare breach totals show 28 incidents and 11M+ affected
Healthcare organizations reported 28 breaches affecting 500 or more individuals in October 2025, the lowest monthly count since May 2020. Despite the lower incident count, more than 11 million individuals were affected, largely because of the Conduent breach.
Business associate notifies entities and individuals after Bosch-related breach
Following the Bosch Choice Welfare Benefit Plan incident, the affected business associate notified impacted entities and individuals and implemented additional technical safeguards. These actions were part of the response to the vendor-linked breach.
Bosch Choice Welfare Benefit Plan breach reported to HHS OCR
A data breach affecting 55,000 Bosch Choice Welfare Benefit Plan members was reported to the HHS Office for Civil Rights on October 31, 2025. The breach stemmed from a cybersecurity incident at a vendor of a business associate and exposed names, Social Security numbers, dates of birth, claims, insurance details, and diagnoses.
SafePay ransomware group claims responsibility for Conduent breach
The SafePay ransomware group publicly claimed responsibility for the Conduent Business Services breach. This provided threat-actor attribution for one of the largest healthcare-related incidents reported in the period.
Conduent Business Services breach impacts millions in healthcare sector
A major breach at Conduent Business Services affected healthcare data on a massive scale and may have impacted up to 14.8 million people in Texas alone. The incident drove a sharp increase in the number of individuals affected by healthcare breaches reported for October 2025.
Leidos QTC Health First Rehabilitation Resources email breach begins
In August 2025, Leidos QTC Health First Rehabilitation Resources experienced unauthorized access to its email system, exposing patient data including names, government IDs, Social Security numbers, and medical information. The organization moved to secure systems, brought in third-party cybersecurity experts, and later upgraded security infrastructure.
Sources
October 2025 Healthcare Data Breach Report (hipaajournal.com)
Business Associate Data Breach Affects 55K Bosch Choice Welfare Benefit Plan Members (hipaajournal.com)
Dumpster Diving for Data (projectblack.io)


