Hacks lead health data breach trends so far in 2025

Midway through 2025, the federal website listing major health data breaches in the U.S. shows a familiar scene: Many hacking incidents, including ransomware, dozens of third-party vendor incidents, and millions of individuals affected by compromised personal data.

As of July 7, a snapshot of the U.S. Department of Health and Human Services HIPAA Breach Reporting Tool website shows 345 health data breaches reported so far in 2025, affecting 500 or more individuals. Those 345 breaches affected nearly 29.9 million people. That’s fewer than the 408 breaches reported by June 30, 2024, and at that time, those breaches affected nearly 52.7 million people, almost twice as many for the same period in 2025.

Hacking or IT incidents lead the way by far as the most commonly reported type of health data breach midway in 2025. The HHS OCR website shows 258 such hacks, compromising the data of 28.8 million people, or nearly 97% of the people affected so far in 2025. Nine out of the 10 largest health data breaches posted to the HHS OCR website this year involved a hacking incident.

Read more at Healthcare Info Security