Final week, The HIPAA Journal launched its 2025 Healthcare Knowledge Breach Report, which discovered a year-over-year decline in healthcare information breaches. Based mostly on information downloaded from OCR, information breaches have fallen by 4.3 % yr over yr, Steve Alder wrote.
Nonetheless, Alder cautioned, it’s a little early to attract conclusions, as information breaches from 2025 are nonetheless being added to the OCR (Workplace for Civil Rights) breach portal. No breaches had been added to the portal through the 43-day federal authorities shutdown in late 2025. “The late additions in 2026 might subsequently be significantly greater than in earlier years,” Alder wrote.
In keeping with the report, information breaches are plateauing within the 700 to 750 vary, which is round two giant healthcare information breaches a day, twice the speed in 2018. There was a large discount within the variety of people affected by healthcare information breaches, Alder highlighted. “In 2025, at the very least 61,556,256 people had their protected well being data uncovered or impermissibly disclosed, a 78.7 % lower from 2024.”
The most important healthcare information breach of 2025 was a hacking assault at Aflac insurance coverage, impacting over 22.6 million individuals worldwide. It concerned unauthorized entry to the protected well being data (PHI) of almost 14 million people within the U.S.
There was a rising development of entities concerned in information breaches not disclosing the basis trigger, whether or not it entails information theft, extortion, malware, or ransomware, Alder famous.
The report said that whereas small decreases occurred in hacking/IT incidents, loss/theft incidents, and improper disposal incidents in comparison with the earlier yr, there was a 17.4 % enhance in unauthorized entry/disclosure incidents.
Many of the yr’s information breaches concerned uncovered or stolen PHI saved on community servers (61.5 %). Almost 1 / 4 of breaches (24.9 %) concerned compromised e-mail accounts. Bodily PHI—equivalent to paper paperwork and movies—was compromised in 5.6 % of breaches, whereas 4.6 % concerned unauthorized entry to digital medical data.
The OCR information breach portal at present lists 523 information breaches at healthcare suppliers, 56 at well being plans, and two at healthcare clearinghouses, Alder reported. An additional 128 information breaches had been reported by enterprise associates of HIPAA-covered entities.
