Health Care Data Breaches Plunge in 2025

March 06, 2026

Health care fought back against data breaches in 2025.

There were 32 fewer large health care data breaches reported last year, and the number of people who had their protected health information exposed decreased nearly 79 percent from 2024, according to the HIPAA Journal.\

“What is clear is that the large annual increases in data breaches between 2018 and 2021 appear to have come to an end, with data breaches plateauing in the 700 to 750 range,” the report said.

Among the key takeaways:

• Bouncing Back: The 2024 Change Healthcare ransomware attack was the largest data breach in history, affecting more than 192,700,000 people.  
  • Even after accounting for the massive data breach, 2025 still had fewer data breaches. That’s because there were fewer “mega breaches” involving one million people or more.
• State perspective:  Georgia had the most individuals affected by data breaches, with over 16 million. Pennsylvania ranked 12th. 
  • California led the way for data breach incidents (69), followed by Florida and Texas. Pennsylvania had the sixth-most reported (32).
• Top issues:  Hacking incidents remain the top culprit, followed by unauthorized access/disclosure, loss theft, and improper device disposal.
• Average breach:  The average data breach fell from nearly 390,700 individuals during 2024 to about 86,700 last year.
• Staying vigilant: Threats persist everywhere. This week, the FBI reminded critical infrastructure organization to be on the lookout for potential actions from Iranian-affiliated cyber actors due to geopolitical tensions.

Additional information is available online.