As we reach the halfway point of 2025, the healthcare industry is seeing an unprecedented number of data breaches. In fact, over 29 million individuals have been affected by large-scale breaches and downtime incidents, showing critical vulnerabilities in our healthcare systems. These breaches not only compromise patient privacy but also disrupt the continuity of care, highlighting the urgent need for robust cybersecurity measures.
In this blog we will highlight the top ten breaches so far this year and how dbtech’s Downtime Solution can help you avoid making the same mistakes.
Major Healthcare Data Breaches in the First Half of 2025
1. Yale New Haven Health System – 5.6 Million Affected
In April 2025, Yale New Haven Health System reported a breach impacting over 5.5 million individuals. The unauthorized access compromised sensitive data, including names, birthdates, and Social Security numbers. Fortunately, electronic medical records were not involved, and patient care was not disrupted. (TechTarget)
2. Episource – 5.4 Million Affected
Episource, a health IT vendor, experienced a ransomware attack in February 2025, affecting more than 5.4 million individuals. The breach exposed personal and medical information, including health insurance data and Social Security numbers. (TechTarget)
3. Blue Shield of California – 4.7 Million Affected
A misconfigured Google Analytics setup led to a breach at Blue Shield of California, affecting 4.7 million members. The configuration inadvertently shared member data with Google Ads, potentially exposing sensitive information. (TechTarget)
4. McLaren Health Care – 743,000 Affected
McLaren Health Care suffered a cyberattack that compromised the personal and medical information of 743,000 patients. This breach underscores the persistent threat of cyberattacks in the healthcare sector. (Tom’s Guide)
5. Change Healthcare – 190 Million Affected
In early 2025, a cyberattack on Change Healthcare resulted in one of the largest breaches of the year, compromising over 190 million individuals. The breach led to significant financial losses, estimated at over $3 billion in direct response and business disruption costs. (WSJ)
6. MedStar Health – 3.4 Million Affected
MedStar Health experienced a breach in March 2025, affecting 3.4 million individuals. The attack was reportedly the result of a sophisticated ransomware attack targeting critical systems. Patient records were exposed, leading to significant concerns about the security of personal health data. (TechTarget)
7. Northwell Health – 2.9 Million Affected
Northwell Health, a leading healthcare provider in New York, fell victim to a data breach in March 2025. The breach affected approximately 2.9 million individuals and exposed sensitive health information. The attack was allegedly carried out through phishing emails targeting internal staff. (TechTarget)
8. Sutter Health – 1.5 Million Affected
Sutter Health, a prominent healthcare system in California, suffered a breach in February 2025 that impacted 1.5 million patients. The breach occurred through a third-party vendor that had inadequate cybersecurity protections. Personal and health information were exposed. (TechTarget)
9. University of California Health System – 1.2 Million Affected
The University of California Health System was breached in February 2025, affecting over 1.2 million individuals. This breach exposed a wide range of personal data, including medical records, financial data, and Social Security numbers. The breach is thought to have occurred as a result of an insecure web application. (TechTarget)
10. Banner Health – 800,000 Affected
Banner Health suffered a significant breach in January 2025, affecting around 800,000 individuals. The attack was reportedly the result of a cyberattack targeting employee credentials, which were then used to access sensitive health data. (TechTarget)
The Escalation of Downtime and Cyberattacks
These incidents are part of a troubling trend where hacking and IT incidents account for the majority of healthcare data breaches. In fact, nine of the ten largest breaches in 2025 were due to such incidents, with only one resulting from unauthorized disclosure. (TechTarget)
The financial and reputational damage from these breaches is shocking. For instance, the cyberattack on Change Healthcare in 2024, which affected approximately 190 million individuals, led to an estimated $3.09 billion in direct response and business disruption expenses. (WSJ)
Looking Ahead: Protect Your Organization
The year is only halfway through, and the threat landscape continues to increase. Healthcare organizations must prioritize cybersecurity to protect patient data and ensure uninterrupted care. Implementing robust security protocols, conducting regular risk assessments, and educating staff on cybersecurity best practices are essential steps.
How dbtech Can Help
At dbtech, we understand the critical importance of data security in healthcare. Our comprehensive cybersecurity solutions are designed to protect your organization from the growing threat of cyberattacks. Don’t let your organization become another statistic. Partner with dbtech to strengthen your defenses and maintain the trust of your patients. Talk to our team today.