Excerpt from Cybersecurity Insiders Article, Published on December 29, 2025
In 2025, US healthcare recorded a noticeable decline in the number of people affected by data breaches. New figures released by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) highlight a sharp contrast when compared to the previous year. The update was shared by John Riggi, National Advisor for Cybersecurity at the American Hospital Association (AHA).
According to the report, data breaches impacted approximately 42.2 million individuals in 2025. While this figure remains significant, it is far lower than the numbers reported in 2024. Last year saw more than 270 million people affected, largely due to the high – profile Change Healthcare cyberattack. That single incident inflated overall breach statistics across the sector.
Experts say the reduced numbers do not indicate weaker threats. Instead, they reflect the absence of one major breach of similar scale. Riggi emphasized that cyber risks continue to evolve and remain highly active across US healthcare systems. He also warned that breach figures can change over time due to delayed detection and reporting.
Many healthcare organizations discover cyber incidents months after the initial compromise. Advanced threat actors often use stealth techniques to remain undetected. These delays can increase the final count of affected individuals once investigations conclude. As a result, reported breach totals may rise after initial disclosures.
Another growing concern in 2025 involved AI – driven phishing attacks. Cybercriminals used realistic emails and messages to target healthcare employees. These attacks aimed to steal login credentials or deploy malware. James Scott Gee, Deputy National Advisor at the AHA, noted that such tactics successfully bypass traditional security controls.
Despite lower overall numbers, cybersecurity leaders urge caution. Organizations within US healthcare must continue strengthening defenses. Employee awareness, rapid incident response, and continuous monitoring remain essential. Without sustained investment, even smaller breaches can cause serious operational and reputational damage.
To delve deeper into this topic, Visit Cybersecurity .
