2025 Data Breach Trends in Healthcare and Education Sectors
Reporting on 2025 breach activity indicates incident volumes largely plateaued while impact varied by sector. In U.S. healthcare, HHS OCR portal data shows large breaches (affecting 500+ individuals) remained in the ~700–750 per year range, with an apparent 4.3% year-over-year decline in 2025 that may change as late reports are added; a late-2025 federal government shutdown is cited as a factor that could delay postings and inflate later totals. Despite relatively stable breach counts, the number of affected individuals dropped sharply year over year, from a record 289,162,330 in 2024 to at least 61,556,256 in 2025 (a reported 78% reduction).
In education, a Comparitech roundup cited in sector reporting attributes 251 claimed ransomware attacks against schools and universities globally in 2025 (vs. 247 in 2024), with 94 confirmed by victim organizations; while attack counts were steady, known exposed records across confirmed incidents rose to 3.9 million (up 27% from 3.1 million). Drivers highlighted include third-party software vulnerabilities and a small number of large higher-education breaches. Separately, general guidance for healthcare organizations reiterates HIPAA Breach Notification Rule obligations (45 CFR §§ 164.400–414), including notification timelines (no later than 60 days after discovery) and escalation requirements for larger incidents (e.g., 500+ affected individuals).
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
10 events from the most recent confirmed update back to the earliest known activity.
OCR resolved 21 HIPAA enforcement cases in 2025
During 2025, HHS OCR resolved 21 HIPAA enforcement actions and imposed $8,330,066 in financial penalties. The report said failures in risk analysis were the most commonly cited compliance issue.
Aflac disclosed the largest healthcare hacking incident of 2025
The 2025 healthcare breach report identified a hacking incident at Aflac as the largest healthcare data breach of the year. It was highlighted as the biggest single event among 2025 healthcare disclosures.
Large healthcare breach count fell 4.3% year over year in 2025
The number of large U.S. healthcare data breaches reported to HHS OCR declined by 4.3% in 2025 compared with 2024. The report cautioned that the final 2025 total may still rise because of late reporting and a 43-day federal government shutdown that paused portal updates.
Healthcare breaches affecting 61.6 million people were reported for 2025
At least 61,556,256 individuals were affected by U.S. healthcare data breaches involving 500 or more people reported to HHS OCR in 2025. This represented a 78.7% drop from 2024, largely because there were fewer mega breaches.
New York schools reported 662 data incidents in 2025
New York State's Education Department reported 662 school data incidents in 2025, up 72% from 384 in 2024. The annual report said Long Island schools reported 44 incidents, and cited human error, third-party unauthorized access, and external breaches including phishing, ransomware, and malware as key causes.
Confirmed 2025 school breaches exposed 3.9 million records
Confirmed ransomware incidents affecting educational institutions in 2025 exposed 3.9 million records, up 27% from 2024. The increase was linked partly to third-party software vulnerabilities and several unusually large higher-education breaches.
Ransomware gangs claimed 251 attacks on schools in 2025
In 2025, ransomware groups claimed 251 attacks on educational institutions, a slight increase from 2024. Of those 2025 claims, 94 were confirmed by the targeted schools or universities.
Quorum Cyber reported 63% rise in global higher-education cyber incidents
Quorum Cyber's 2026 Global Cyber Risk Outlook for Higher Education reported 425 cyber incidents affecting educational institutions across 67 countries between November 2024 and October 2025, up from 260 in the prior 12-month period. The report said data breaches rose 73% and hacktivist activity increased 75%, with universities targeted by nation-state actors and ransomware groups including FunkSec, Cl0p, and INC.
Healthcare sector recorded 18 mega breaches in 2024
The 2025 healthcare breach report uses 2024 as a comparison year, noting 18 healthcare breaches affecting more than 1 million individuals occurred in 2024. These mega breaches heavily drove the much higher 2024 victim total compared with 2025.
Educational institutions saw 247 ransomware claims in 2024
Comparitech's education ransomware roundup reported that ransomware gangs claimed 247 attacks on schools and universities in 2024. Confirmed 2024 incidents exposed about 3.1 million records.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Global education sector attacks surge 63% | brief | SC Media
scworld.com
Open sourceNYS school data incidents rose 72% in 2025, with 44 reported on Long Island - DataBreaches.Net
databreaches.net
Open sourceCyber Attacks on Schools Plateaued in 2025, but More Records Exposed - DataBreaches.Net
databreaches.net
Open source2025 Healthcare Data Breach Report
hipaajournal.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Healthcare Sector Data Breaches and Security Risks in Late 2025
A significant reduction in the number of large healthcare data breaches was reported for October 2025, with only 28 incidents affecting 500 or more individuals, the lowest monthly total since May 2020. However, the number of individuals impacted surged by 540% to over 11 million, largely due to a few major breaches still under investigation. The reporting delay was attributed to a government shutdown that created a backlog at the HHS Office for Civil Rights, potentially causing underreporting for the month. Notably, the Bosch Choice Welfare Benefit Plan disclosed a breach affecting 55,000 members, stemming from a business associate's cybersecurity incident that exposed sensitive personal and health information. The affected business associate also notified other covered entities and implemented additional safeguards in response. Security risks in the healthcare sector remain acute, particularly for small practices with limited IT resources. A technical investigation highlighted the dangers of improper hardware disposal and lack of disk encryption, revealing that sensitive data and password hashes can be easily extracted from discarded computers. Industry experts emphasize that business associates are a major source of breached records, accounting for a disproportionate share of affected individuals despite submitting fewer incident reports. This underscores the need for robust vendor oversight and comprehensive HIPAA compliance strategies, especially for small and mid-sized healthcare organizations.
Mar 21, 2026
Major Healthcare Data Breaches and Impacts in 2025
Healthcare organizations experienced a significant number of large-scale data breaches in 2025, with nearly 57 million individuals affected and at least 642 incidents reported to the Department of Health and Human Services (HHS) Office for Civil Rights. While this represents a notable decrease from the previous year, the sector continues to face substantial risks, with several high-profile breaches exposing sensitive patient information. Notable incidents include breaches at major healthcare providers and patient information portals, with some cases resulting in legal settlements and direct financial compensation to affected individuals. Among the most impactful breaches, Consulting Radiologists Ltd. agreed to a $2.2 million settlement after a 2024 breach exposed the personal and medical data of approximately 512,000 people. Additionally, New Zealand's ManageMyHealth platform reported a breach potentially affecting over 108,000 users, highlighting the global nature of healthcare data security challenges. These incidents underscore the ongoing threat to patient privacy and the financial and reputational consequences for healthcare organizations that fail to adequately protect sensitive information.
Mar 21, 2026
Healthcare breach trends and HIPAA enforcement priorities amid rising ransomware and third‑party risk
Reporting on healthcare security trends indicates **breach incidents increased sharply between 2024 and 2025**, even as the total number of compromised patient records declined, suggesting attackers are increasingly prioritizing **operational disruption** over mass data theft. Drivers cited include **ransomware**, **third‑party/vendor exposure**, and expanding “shadow AI” usage; the same reporting highlights low confidence in vendor risk assessments and in rapid detection/containment/recovery capabilities, reinforcing the need for improved visibility across overlapping technology stacks and more resilient security programs. Separately, the U.S. **HHS Office for Civil Rights (OCR)** stated it will continue HIPAA privacy/security enforcement despite federal office closures, and outlined 2026 priorities that include: continuing the **HIPAA Right of Access** initiative, expanding **Security Rule risk analysis** work into risk management, and emphasizing enforcement actions tied to **hacking and ransomware** (described as the leading driver of large breaches reported to OCR). OCR also noted preparation for a new enforcement program related to confidentiality of substance use disorder treatment records under **42 C.F.R. Part 2**, with breach reports and complaints expected to begin in February 2026.
Mar 21, 2026