Healthcare cybersecurity so far in 2025: 5 notes

While the total of breached patient records so far in 2025 pales in comparison to the previous two years, the “number is still far too high and should not be tolerated as the norm,” American Hospital Association leaders wrote.

Here are five healthcare cybersecurity-related figures from the Oct. 7 article by John Riggi, national advisor for cybersecurity and risk, and Scott Gee, deputy national advisor for cybersecurity and risk:

1. As of Oct. 3, 364 hacking incidents involving 33 million individuals have been reported to HHS’ Office of Civil Rights, compared to 259 million in 2024 — including 192.7 million from the Change Healthcare ransomware attack — and 138 million in 2023.

2. Over 80% of health records were stolen from third-party vendors, software services, business associates and nonhospital providers and health plans like CMS.

3. More than 90% of records were taken from outside the EHR.

4. All of the hacked data was not encrypted, with stolen credentials giving access to encrypted data or unencrypted records being stored outside the EHR.

5. Many of the reported hacks in 2024 and 2025 were ransomware attacks coupled with data theft, aka double-layered extortion.

The post Healthcare cybersecurity so far in 2025: 5 notes appeared first on Becker’s Hospital Review | Healthcare News & Analysis.