Final week, The HIPAA Journal launched its 2025 Healthcare Information Breach Report, which discovered a year-over-year decline in healthcare knowledge breaches. Primarily based on knowledge downloaded from OCR, knowledge breaches have fallen by 4.3 % yr over yr, Steve Alder wrote.
Nevertheless, Alder cautioned, it’s a little early to attract conclusions, as knowledge breaches from 2025 are nonetheless being added to the OCR (Workplace for Civil Rights) breach portal. No breaches had been added to the portal throughout the 43-day federal authorities shutdown in late 2025. “The late additions in 2026 may due to this fact be significantly increased than in earlier years,” Alder wrote.
In line with the report, knowledge breaches are plateauing within the 700 to 750 vary, which is round two massive healthcare knowledge breaches a day, twice the speed in 2018. There was a large discount within the variety of people affected by healthcare knowledge breaches, Alder highlighted. “In 2025, no less than 61,556,256 people had their protected well being info uncovered or impermissibly disclosed, a 78.7 % lower from 2024.”
The most important healthcare knowledge breach of 2025 was a hacking assault at Aflac insurance coverage, impacting over 22.6 million folks worldwide. It concerned unauthorized entry to the protected well being info (PHI) of practically 14 million people within the U.S.
There was a rising pattern of entities concerned in knowledge breaches not disclosing the foundation trigger, whether or not it includes knowledge theft, extortion, malware, or ransomware, Alder famous.
The report acknowledged that whereas small decreases occurred in hacking/IT incidents, loss/theft incidents, and improper disposal incidents in comparison with the earlier yr, there was a 17.4 % improve in unauthorized entry/disclosure incidents.
Many of the yr’s knowledge breaches concerned uncovered or stolen PHI saved on community servers (61.5 %). Practically 1 / 4 of breaches (24.9 %) concerned compromised electronic mail accounts. Bodily PHI—equivalent to paper paperwork and movies—was compromised in 5.6 % of breaches, whereas 4.6 % concerned unauthorized entry to digital medical data.
The OCR knowledge breach portal at present lists 523 knowledge breaches at healthcare suppliers, 56 at well being plans, and two at healthcare clearinghouses, Alder reported. An additional 128 knowledge breaches had been reported by enterprise associates of HIPAA-covered entities.
