Breaches occurring more frequently as providers’ attack vectors increase
Email-based rise dramatically; organizations report declining confidence in their ability to manage threats.
With all the front-page hype surrounding artificial intelligence and interoperability in healthcare, it’s easy to lose sight of a daily scourge facing health data – cyberthreats.
There’s a lot of news surrounding hyped-up technology, but breaches remain a significant concern for the industry. In fact, breach frequency in the healthcare industry increased more than 100 percent in 2025, compared with the number of breaches the previous year, according to data from Fortified Health Security, a Brentwood, Tenn.-based managed security services provider.
The organization’s 2026 Horizon Report, which is published bi-annually, describes what it calls a “defining shift in healthcare cybersecurity.” It’s one that leaves only 6 percent of healthcare organizations being “very confident in their ability to manage a cyber incident.”
The constant threat
The Fortified report found 502 breaches in 2025, compared with 237 breaches the previous year. However, the total number of patient records exposed was 35.5 million in 2025 vs. 251 million records in 2024, a total skewed upward by the enormous ransomware breach of Change Healthcare that reportedly exposed the records of 193 million people.
The report analyzes breach data from January 2024 through December 2025 from the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), Fortified’s rolling NIST Cybersecurity Framework (CSF) assessments and real-world incident response experience.
The data suggest a change in attack strategies and vulnerability, analysts suggest.
“The healthcare sector is experiencing more frequent cyber events with smaller data footprints, driven largely by ransomware, identity compromise and third-party weakness,” the Fortified report indicated. “This represents progress in limiting breach size but also signals a new phase of cyber risk, where operational resilience, response capacity and workforce sustainability matter as much as traditional data protection measures.”
There were 305 breaches through network servers in 2025, up 75.3 percent from 174 similar breaches the previous year.
The attack vector has widened, with organizations finding that there are more entry points and areas to protect. In 2025, email-based breaches more than doubled, driven by phishing, credential misuse and workforce errors. Some 123 email-based breaches were reported in 2025, up 215.4 percent increase over the 39 such breaches in 2024.
This “reinforces the need for continuous training and identity controls,” Fortified analysts conclude.
Cyber criminals also can gain access to healthcare data through third-party contractors that have access to providers’ healthcare information systems. Just 4 percent of surveyed leaders expressed strong confidence that vendor risk assessments align with actual risk. By contrast, 29 percent said they were not confident at all about the alignment of their risk assessments with those of their third-party vendors.
Another point of weakness is the use of outside, unvetted tools by clinicians. This practice has become more prevalent with the use of applications powered by artificial intelligence. Fortified concludes that “shadow AI” has emerged as a new insider threat, “as clinicians and staff increasingly use unsanctioned AI tools that operate outside of approved governance frameworks, potentially exposing sensitive data beyond organizational control.”
Threats rising, confidence shaken
A variety of factors are likely to put more pressure on providers’ security efforts, Fortified analysts contend.
“Accelerating federal initiatives, including the Rural Health Transformation Program, the Centers for Medicare & Medicaid Services (CMS) Interoperability and Prior Authorization Final Rule, and a potential update to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, are driving modernization while increasing the need for strong cybersecurity governance to avoid new exposure,” the report concludes.
With the increase in breaches in 2025 and efforts to boost interoperability, it’s no surprise that healthcare organizations are expressing less confidence about protecting data.
The research found that “only 6 percent of healthcare organizations report being very confident in their ability to detect, contain and recover from a cyber incident, highlighting persistent gaps in incident response readiness and recovery confidence.”
The biggest barriers to improving cyber security training remains lack of time, cited by 57 percent of respondents; lack of leadership support, mentioned by 23 percent; and other factors, mentioned by 20 percent.
“The next challenge for healthcare organizations is to turn volatility into visibility and readiness before the next major breach hits,” the report concludes. “Resilience will depend on that same momentum, pushing defense strategies, operational discipline and (heightened) visibility.”
Fred Bazzoli is the Editor in Chief of Health Data Management.